A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote malicious user to inject arbitrary commands that can be executed as the root user. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to the web UI of an affected device with arbitrary commands injected into a portion of the request. A successful exploit could allow the malicious user to execute arbitrary commands as the root user.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco ios xe 16.9.1 |
||
cisco ios xe 16.9.1a |
||
cisco ios xe 16.9.1b |
||
cisco ios xe 16.9.1c |
||
cisco ios xe 16.9.1d |
||
cisco ios xe 16.9.1s |
||
cisco ios xe 16.9.2 |
||
cisco ios xe 16.9.2a |
||
cisco ios xe 16.9.2s |
||
cisco ios xe 16.9.3 |
||
cisco ios xe 16.9.3a |
||
cisco ios xe 16.9.3h |
||
cisco ios xe 16.9.3s |
||
cisco ios xe 16.9.4 |
||
cisco ios xe 16.9.4c |
||
cisco ios xe 16.9.5 |
||
cisco ios xe 16.9.5f |
||
cisco ios xe 16.9.6 |
||
cisco ios xe 16.10.1 |
||
cisco ios xe 16.10.1a |
||
cisco ios xe 16.10.1b |
||
cisco ios xe 16.10.1c |
||
cisco ios xe 16.10.1d |
||
cisco ios xe 16.10.1e |
||
cisco ios xe 16.10.1f |
||
cisco ios xe 16.10.1g |
||
cisco ios xe 16.10.1s |
||
cisco ios xe 16.10.2 |
||
cisco ios xe 16.10.3 |
||
cisco ios xe 16.11.1 |
||
cisco ios xe 16.11.1a |
||
cisco ios xe 16.11.1b |
||
cisco ios xe 16.11.1c |
||
cisco ios xe 16.11.1s |
||
cisco ios xe 16.11.2 |
||
cisco ios xe 17.2.1v |