A vulnerability in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote malicious user to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the Web UI and then submitting that form. A successful exploit could allow the malicious user to run arbitrary commands on the device with root privileges, which may lead to complete system compromise.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco ios xe 16.3.7 |
That's how you pronounce ๐พ๐พ๐พ: A means to bury spyware deep inside pwned networking gear Sinister secret backdoor found in networking gear perfect for government espionage: The Chinese are โ oh no, wait, it's Cisco again
Security weaknesses at the heart of some of Cisco's network routers, switches, and firewalls can be exploited by hackers to hide spyware deep inside compromised equipment. In order to exploit these flaws, dubbed ๐พ๐พ๐พ or Thrangrycat by their discoverers, a miscreant or rogue employee needs to be able to log into the vulnerable device as an administrator, and can thus already do a lot of damage or snooping on your enterprise anyway. What makes ๐พ๐พ๐พ interesting is that it can be use...