Guest

Preview Tool

Cisco Bug: CSCvs75505 - Cisco IOS XE SD-WAN Software Command Injection Vulnerability

Last Modified

Sep 03, 2020

Products (18)

  • Cisco IOS
  • Cisco 4221 Integrated Services Router
  • Cisco 4431 Integrated Services Router
  • Cisco 4331 Integrated Services Router
  • Cisco VG400 Analog Voice Gateway
  • Cisco 4321 Integrated Services Router
  • Cisco VG450 Analog Voice Gateways
  • Cisco ASR 1002-X Router
  • Cisco ASR 1001-X Router
  • Cisco 4451-X Integrated Services Router
View all products in Bug Search Tool Login Required

Known Affected Releases

16.12 17.2 17.3 Gibraltar-16.10.2

Description (partial)

Symptom:
A vulnerability in the CLI of Cisco IOS XE SD-WAN software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xesdwcinj-AcQ5MxCn

Conditions:
Please refer to the Security Advisory.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.