CVE-2019-12661Command Injection in Cisco IOS XE Software

CWE-77Command InjectionCWE-78OS Command Injection4 documents4 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 87.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedSep 25
Latest updateMay 24

Description

A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on the affected device. An attacker who has administrator access to an affected device could exploit this vulnerability by including malicious input as t

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xe_softwareunspecifiedn/a
NVDcisco/ios_xe7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-8xwh-p7g5-63f6: A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execut2022-05-24
CVEList
Cisco IOS XE Software Virtualization Manager CLI Command Injection Vulnerability2019-09-25

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Virtualization Manager CLI Command Injection Vulnerability2019-09-25
CVE-2019-12661 — Command Injection in Cisco | cvebase