CVE-2019-12666Path Traversal in Cisco IOS XE Software 16.4.1

CWE-22Path Traversal4 documents4 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 96.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE Software 16.4.1Cisco IOS XE
Timeline
PublishedSep 25
Latest updateMay 24

Description

A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker could exploit this vulnerability by first accessing the Guest Shell and then entering specific commands. A successful exploit could allow the attacker to execute arbitrary code on the base Linux operating system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xe_software_16.4.1unspecifiedn/a
NVDcisco/ios_xe16.416.6.5+2

🔴Vulnerability Details

2
GHSA
GHSA-2phx-jm8v-c5v7: A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Li2022-05-24
CVEList
Cisco IOS XE Software Path Traversal Vulnerability2019-09-25

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Path Traversal Vulnerability2019-09-25
CVE-2019-12666 — Path Traversal in Cisco | cvebase