A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote malicious user to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker could exploit this vulnerability by submitting crafted HTTP requests to the targeted application. A successful exploit could allow the malicious user to execute arbitrary commands on the affected device.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cisco ios xe 16.8.1s |
||
cisco ios xe 16.8.1b |
||
cisco ios xe 16.2.1 |
||
cisco ios xe 16.4.3 |
||
cisco ios xe 16.8.1a |
||
cisco ios xe 16.1.3 |
||
cisco ios xe 16.3.8 |
||
cisco ios xe 16.2.2 |
||
cisco ios xe 16.8.1e |
||
cisco ios xe 3.6.10e |
||
cisco ios xe 16.4.2 |
||
cisco ios xe 16.8.1d |
||
cisco ios xe 16.3.2 |
||
cisco ios xe 16.3.1a |
||
cisco ios xe 16.3.5 |
||
cisco ios xe 16.7.1 |
||
cisco ios xe 16.1.1 |
||
cisco ios xe 16.1.2 |
||
cisco ios xe 16.5.1 |
||
cisco ios xe 16.3.4 |
||
cisco ios xe 16.8.1 |
||
cisco ios xe 16.4.1 |
||
cisco ios xe 16.7.1b |
||
cisco ios xe 16.3.1 |
||
cisco ios xe 16.5.1a |
||
cisco ios xe 16.8.1c |
||
cisco ios xe 16.5.3 |
||
cisco ios xe 16.3.6 |
||
cisco ios xe 3.2.0ja |
||
cisco ios xe 16.7.1a |
||
cisco ios xe 16.6.2 |
||
cisco ios xe 16.5.2 |
||
cisco ios xe 16.5.1b |
||
cisco ios xe 16.3.7 |
||
cisco ios xe 16.6.1 |
||
cisco ios xe 16.3.5b |
||
cisco ios xe 16.3.3 |
||
cisco ios xe 16.6.3 |
Vulmon