| Vulnerability Name: | CVE-2016-6414 (CCN-117089) | ||||||||||||
| Assigned: | 2016-09-21 | ||||||||||||
| Published: | 2016-09-21 | ||||||||||||
| Updated: | 2017-07-30 | ||||||||||||
| Summary: | iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223. | ||||||||||||
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-78 | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2016-6414 Source: CISCO Type: Vendor Advisory 20160921 Cisco IOS and IOS XE iox Command Injection Vulnerability Source: BID Type: UNKNOWN 93091 Source: CCN Type: BID-93091 Cisco IOS and IOS XE Software CVE-2016-6414 Local Command Injection Vulnerability Source: SECTRACK Type: UNKNOWN 1036876 Source: XF Type: UNKNOWN ciscoios-cve20166414-command-exec(117089) Source: CCN Type: Cisco Security Advisory cisco-sa-20160921-iox Cisco IOS and IOS XE iox Command Injection Vulnerability | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||