CVE-2018-0477
MEDIUMCisco IOS XE - Authenticated OS Command Injection via CLI Parser
Title source: llmDescription
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041737
Scores
CVSS v3
6.7
EPSS
0.0049
EPSS Percentile
38.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-77
CWE-78
Status
published
Products (3)
cisco/ios_xe
15.3\(3\)s3.16
cisco/ios_xe
16.7\(1\)
cisco/ios_xe
16.7.1
Published
Oct 05, 2018
Tracked Since
Feb 18, 2026