CVE-2016-1456: OS Command Injection in Cisco IOS XR

Severity: 7.8 HIGH (NVD)
EPSS: 0.1% (top 75.70%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 15; latest update May 17

Description

The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a privileged context by leveraging unspecified container access, aka Bug ID CSCuz62721.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (1 package)

NVD: cisco/ios_xr 6.0.0, 6.0.1, 6.0_base (+2)

🔴 Vulnerability Details (2)

GHSA
GHSA-4q37-wpfr-m8xh: The CLI in Cisco IOS XR 6 (2022-05-17)
CVEList
CVE-2016-1456: The CLI in Cisco IOS XR 6 (2016-07-15)

📋 Vendor Advisories (1)

Cisco
Cisco IOS XR Software Command Injection Vulnerability (2016-07-14)

💬 Community (1)

Bugzilla
CVE-2016-9185 openstack-heat: Template source URL allows network port scan (2016-11-04)