Input validation

2022-04-1515:15:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could allow an authenticated, local attacker to elevate privileges to level 15 on an affected device. This vulnerability is due to insufficient validation of user privileges after the user executes certain CLI commands. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands with level 15 privileges on the affected device.

CPENameOperatorVersion
ios_xeeq16.12.1
ios_xeeq16.11.1
ios_xeeq17.1.1
ios_xeeq16.11.197
ios_xeeq16.12.199
ios_xeeq16.12.1116
ios_xeeq16.11.2
ios_xeeq16.12.1115
ios_xeeq16.12.197
ios_xeeq16.12.1120

Name	Operator	Version
ios_xe	eq	16.12.1
ios_xe	eq	16.11.1
ios_xe	eq	17.1.1
ios_xe	eq	16.11.197
ios_xe	eq	16.12.199
ios_xe	eq	16.12.1116
ios_xe	eq	16.11.2
ios_xe	eq	16.12.1115
ios_xe	eq	16.12.197
ios_xe	eq	16.12.1120