Published: 22/09/2016 Updated: 30/07/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

iox in Cisco IOS, possibly 15.6 and previous versions, and IOS XE, possibly 3.18 and previous versions, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223.

Affected Products

Vendor Product Versions

Vendor Advisories

A vulnerability exists in the iox command in Cisco IOS and IOS XE Software that could allow an authenticated, local attacker to perform command injection into the IOx Linux guest operating system (GOS) This vulnerability is due to insufficient input validation of iox command line arguments An attacker could exploit this vulnerability by providin ...