CVE-2016-6414

HIGH

Cisco IOS - OS Command Injection via IOx Command-Line Options

Title source: llm
STIX 2.1

Description

iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036876
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93091

Scores

CVSS v3 7.8
EPSS 0.0042
EPSS Percentile 33.8%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
cisco/ios 15.6\(1\)t1
Published Sep 22, 2016
Tracked Since Feb 18, 2026