CVE-2018-0196

MEDIUM

Cisco IOS XE - Authenticated Arbitrary File Write via Web UI HTTP Request

Title source: llm

Description

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to write arbitrary files to the operating system of an affected device. The vulnerability is due to insufficient input validation of HTTP requests that are sent to the web UI of the affected software. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of the affected software. A successful exploit could allow the attacker to write arbitrary files to the operating system of an affected device. Cisco Bug IDs: CSCvb22645.

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103570

Scores

CVSS v3 4.9
EPSS 0.0103
EPSS Percentile 59.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-20
Status published
Products (3)
cisco/ios_xe 16.1.2
cisco/ios_xe 16.2.0
cisco/ios_xe 16.3(1)
Published Mar 28, 2018
Tracked Since Feb 18, 2026