CVE-2018-0169OS Command Injection in Cisco IOS

CWE-264CWE-78OS Command Injection5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 62.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedMar 28
Latest updateMay 13

Description

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has user EXEC mode (privilege level 1) access to an affected device could exploit the

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDcisco/ios15.0\(5.59\)emd

🔴Vulnerability Details

2
GHSA
GHSA-3gw8-cfcr-c4jc: Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linu2022-05-13
CVEList
CVE-2018-0169: Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linu2018-03-28

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software User EXEC Mode Root Shell Access Vulnerabilities2018-03-28

💬Community

1
Bugzilla
CVE-2018-0498 CVE-2018-0497 mbedtls: Two critical flaws fixed in latest release2018-08-02
CVE-2018-0169 — OS Command Injection in Cisco IOS | cvebase