Lucene search

CiscoCISCO-SA-20190925-WEBUI-CMD-INJECTION

HistorySep 25, 2019 - 4:00 p.m.

Cisco IOS XE Software Web UI Command Injection Vulnerabilities

2019-09-2516:00:00

tools.cisco.com

0.876 High

EPSS

Percentile

98.7%

JSON

Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device.

For more information about these vulnerabilities, see the Details [“#details”] section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-webui-cmd-injection [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-webui-cmd-injection”]

This advisory is part of the September 25, 2019, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2019 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-72547”].

Affected configurations

Vulners

Node

ciscorvs4000_softwareMatch16.6

ciscorvs4000_softwareMatch16.7

ciscorvs4000_softwareMatch16.8

ciscorvs4000_softwareMatch16.9

ciscorvs4000_softwareMatch16.10

ciscorvs4000_softwareMatch16.11

ciscorvs4000_softwareMatch16.6.1

ciscorvs4000_softwareMatch16.6.2

ciscorvs4000_softwareMatch16.6.3

ciscorvs4000_softwareMatch16.6.4

ciscorvs4000_softwareMatch16.6.5

ciscorvs4000_softwareMatch16.6.4s

ciscorvs4000_softwareMatch16.6.4a

ciscorvs4000_softwareMatch16.6.5a

ciscorvs4000_softwareMatch16.6.6

ciscorvs4000_softwareMatch16.6.5b

ciscorvs4000_softwareMatch16.7.1

ciscorvs4000_softwareMatch16.7.1a

ciscorvs4000_softwareMatch16.7.1b

ciscorvs4000_softwareMatch16.7.2

ciscorvs4000_softwareMatch16.7.3

ciscorvs4000_softwareMatch16.7.4

ciscorvs4000_softwareMatch16.8.1

ciscorvs4000_softwareMatch16.8.1a

ciscorvs4000_softwareMatch16.8.1b

ciscorvs4000_softwareMatch16.8.1s

ciscorvs4000_softwareMatch16.8.1c

ciscorvs4000_softwareMatch16.8.1d

ciscorvs4000_softwareMatch16.8.2

ciscorvs4000_softwareMatch16.8.1e

ciscorvs4000_softwareMatch16.8.3

ciscorvs4000_softwareMatch16.9.1

ciscorvs4000_softwareMatch16.9.2

ciscorvs4000_softwareMatch16.9.1a

ciscorvs4000_softwareMatch16.9.1b

ciscorvs4000_softwareMatch16.9.1s

ciscorvs4000_softwareMatch16.9.1c

ciscorvs4000_softwareMatch16.9.1d

ciscorvs4000_softwareMatch16.9.3

ciscorvs4000_softwareMatch16.9.2a

ciscorvs4000_softwareMatch16.9.2s

ciscorvs4000_softwareMatch16.9.3h

ciscorvs4000_softwareMatch16.9.3s

ciscorvs4000_softwareMatch16.9.3a

ciscorvs4000_softwareMatch16.10.1

ciscorvs4000_softwareMatch16.10.1a

ciscorvs4000_softwareMatch16.10.1b

ciscorvs4000_softwareMatch16.10.1s

ciscorvs4000_softwareMatch16.10.1c

ciscorvs4000_softwareMatch16.10.1e

ciscorvs4000_softwareMatch16.10.1d

ciscorvs4000_softwareMatch16.10.2

ciscorvs4000_softwareMatch16.10.1f

ciscorvs4000_softwareMatch16.10.1g

ciscorvs4000_softwareMatch16.11.1

ciscorvs4000_softwareMatch16.11.1a

ciscorvs4000_softwareMatch16.11.1b

ciscorvs4000_softwareMatch16.11.1s

ciscorvs4000_softwareMatch16.11.1c

CPENameOperatorVersion
cisco ios xe softwareeq16.6
cisco ios xe softwareeq16.7
cisco ios xe softwareeq16.8
cisco ios xe softwareeq16.9
cisco ios xe softwareeq16.10
cisco ios xe softwareeq16.11
cisco ios xe softwareeq16.6.1
cisco ios xe softwareeq16.6.2
cisco ios xe softwareeq16.6.3
cisco ios xe softwareeq16.6.4

Name	Operator	Version
cisco ios xe software	eq	16.6
cisco ios xe software	eq	16.7
cisco ios xe software	eq	16.8
cisco ios xe software	eq	16.9
cisco ios xe software	eq	16.10
cisco ios xe software	eq	16.11
cisco ios xe software	eq	16.6.1
cisco ios xe software	eq	16.6.2
cisco ios xe software	eq	16.6.3
cisco ios xe software	eq	16.6.4