CVE-2018-0183 — OS Command Injection in Cisco IOS XE
Severity
6.7MEDIUMNVD
EPSS
0.1%
top 80.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 28
Latest updateMay 13
Description
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vul…
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9
Affected Packages1 packages
🔴Vulnerability Details
2GHSA▶
GHSA-63wv-6q3h-cwmr: A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell o↗2022-05-13
CVEList▶
CVE-2018-0183: A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell o↗2018-03-28
📋Vendor Advisories
1Cisco▶
Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers Privileged EXEC Mode Root Shell Access Vulnerability↗2018-03-28