CVE-2016-6414OS Command Injection in Cisco IOS

CWE-78OS Command Injection4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 55.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedSep 22
Latest updateMay 17

Description

iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDcisco/ios15.6\(1\)t1

🔴Vulnerability Details

2
GHSA
GHSA-j6mp-pxmq-5rv6: iox in Cisco IOS, possibly 152022-05-17
CVEList
CVE-2016-6414: iox in Cisco IOS, possibly 152016-09-22

📋Vendor Advisories

1
Cisco
Cisco IOS and IOS XE iox Command Injection Vulnerability2016-09-21
CVE-2016-6414 — OS Command Injection in Cisco IOS | cvebase