A vulnerability in the command-line interface (CLI) of IOS-XR series software could allow an authenticated, local attacker to execute arbitrary code on a targeted system at the root privilege level.The vulnerability is due to incorrect permissions given to a set of users. An attacker could exploit this vulnerability by authenticating to the device and sending crafted user input to execute commands on the underlying operating system. The user has to be logged-in to the device with valid admin credentials.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/2dRTbRf
A vulnerability in the command-line interface (CLI) of IOS-XR series software could allow an authenticated, local attacker to execute arbitrary code on a targeted system at the root privilege level.The vulnerability is due to incorrect permissions given to a set of users. An attacker could exploit this vulnerability by authenticating to the device and sending crafted user input to execute commands on the underlying operating system. The user has to be logged-in to the device with valid admin credentials.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/2dRTbRf
Security Impact Rating: Medium
CVE: CVE-2016-6428
from Cisco Security Advisory http://ift.tt/2dRTbRf
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.