// For flags

CVE-2018-0193

 

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542.

Múltiples vulnerabilidades en el analizador CLI de Cisco IOS XE Software podrían permitir que un atacante local autenticado inyecte comandos arbitrarios en el CLI del software afectado. Esto podría permitir que el atacante obtenga acceso al shell Linux subyacente de un dispositivo afectado y ejecute comandos con privilegios root en el dispositivo. La vulnerabilidad existe debido a que el software afectado no sanea lo suficiente los argumentos de comando antes de pasar los comandos al shell de Linux para ejecutarlos. Un atacante podría explotar estas vulnerabilidades mediante el envío de un comando CLI malicioso al software afectado. Si se explota con éxito, podría permitir que el atacante salga del CLI del software afectado. Esto podría permitir que el atacante obtenga acceso al shell Linux subyacente de un dispositivo afectado y ejecute comandos arbitrarios con privilegios root en el dispositivo. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-11-27 CVE Reserved
  • 2018-03-28 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
< 16.3.1
Search vendor "Cisco" for product "Ios Xe" and version " < 16.3.1"
-
Affected