Command injection in Cisco IOS XE - CVE-2018-0184
Published: March 29, 2018
Vulnerability identifier: #VU11346
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0184
CWE-ID: CWE-77
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco IOS XE
Cisco IOS XE
Detailed vulnerability description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the CLI parser of Cisco IOS XE Software due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. A local attacker with privileged EXEC mode (privilege level 15) access can execute CLI commands that contain crafted arguments, gain access to the underlying Linux shell and execute arbitrary commands with root privileges.
The weakness exists in the CLI parser of Cisco IOS XE Software due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. A local attacker with privileged EXEC mode (privilege level 15) access can execute CLI commands that contain crafted arguments, gain access to the underlying Linux shell and execute arbitrary commands with root privileges.
How to mitigate CVE-2018-0184
The vulnerability is addressed in the following version 16.6.2, 16.7(0.121), 16.6(1.70), 16.5(1.315), 16.3(5.17), 15.7(3.1.14A)OT, 15.7(3.1.9T)OT, 15.7(3.0t)M, 15.7(3)M1, 15.7(2.0v)M0.6, 15.6(3)M4, 15.6(3)M3.1, 15.6(2.10)SP3, 15.6(2)SP4, 15.5(3)S6.13, 15.5(3)M7, 15.5(3)M6.1, 15.5(1.0.91)SY1, 15.5(1)SY1, 15.5(1)IC1.73, 15.5(1)IA1.509, 15.4(3)S9, 15.4(3)S8.7, 15.4(3)M9, 15.2(6.5.1i)E1, 15.2(6.4.66i)E1, 15.2(6.4.0i)E1, 15.2(6.2.72i)E, 15.2(6)E1, 15.2(4.7.12)EA7, 15.2(1)SY6, 15.2(1)SY5.97