#VU11348 Command injection in Cisco IOS XE - CVE-2018-0176
Published: March 29, 2018
Vulnerability identifier: #VU11348
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0176
CWE-ID: CWE-77
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco IOS XE
Cisco IOS XE
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the CLI parser of Cisco IOS XE Software due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. A local attacker with privileged EXEC mode (privilege level 15) access can execute CLI commands that contain crafted arguments, gain access to the underlying Linux shell and execute arbitrary commands with root privileges.
The weakness exists in the CLI parser of Cisco IOS XE Software due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. A local attacker with privileged EXEC mode (privilege level 15) access can execute CLI commands that contain crafted arguments, gain access to the underlying Linux shell and execute arbitrary commands with root privileges.
Remediation
The vulnerability is addressed in the following version: 15.0(9.0)PKD, 3.2(0)SE, 16.1.116.1(0.196), 15.6(2.13)SP3, 15.6(2)SP4, 15.5(3)S6.17, 15.5(1.0.93)SY1, 15.5(1)SY1,
15.5(1)IC1.112, 15.5(1)IA1.533, 15.4(3)S9, 15.4(3)S8.7, 15.4(1.1.21)SY4, 15.4(1)SY4, 15.2(6.5.3i)E1
15.2(6.4.81i)E1, 15.2(6)E1, 15.2(2)E8, 15.2(1)SY6, 15.2(1)SY5.128, 15.1(2)SY11.56, 15.0(1.9.1)SQD8, 12.2(60)EZ13.
15.5(1)IC1.112, 15.5(1)IA1.533, 15.4(3)S9, 15.4(3)S8.7, 15.4(1.1.21)SY4, 15.4(1)SY4, 15.2(6.5.3i)E1
15.2(6.4.81i)E1, 15.2(6)E1, 15.2(2)E8, 15.2(1)SY6, 15.2(1)SY5.128, 15.1(2)SY11.56, 15.0(1.9.1)SQD8, 12.2(60)EZ13.