Main Vulnerability Database SB2016071502

SB2016071502 - Input validation error in Cisco IOS XR

Published: July 15, 2016 Updated: July 12, 2020

Security Bulletin ID SB2016071502

CSH Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Input validation error (CVE-ID: CVE-2016-1456)

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to obtain elevated privileges on the target system.

The vulnerability exists due to insufficient input validation. A local user can cause execute arbitrary commands by submitting crafted input to a command in a specific container.

Successful exploitation of this vulnerability may result in arbitrary commands execution with root privileges.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-ios-xr