Input validation

2023-09-2718:15:00

PRIOn knowledge base

www.prio-n.com

web ui

cisco ios xe software

injection attack

input validation

authenticated attacker

remote attacker

crafted input

cli commands

level 15 privileges

lobby ambassador account

nvd

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.8%

JSON

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device.

This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges.

Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default.

CPENameOperatorVersion
ios_xeeq16.12.4
ios_xeeq16.12.497
ios_xeeq16.12.5
ios_xeeq16.12.597
ios_xeeq16.12.598
ios_xeeq16.12.6
ios_xeeq16.12.697
ios_xeeq16.12.7
ios_xeeq16.12.8
ios_xeeq16.12.9

Name	Operator	Version
ios_xe	eq	16.12.4
ios_xe	eq	16.12.497
ios_xe	eq	16.12.5
ios_xe	eq	16.12.597
ios_xe	eq	16.12.598
ios_xe	eq	16.12.6
ios_xe	eq	16.12.697
ios_xe	eq	16.12.7
ios_xe	eq	16.12.8
ios_xe	eq	16.12.9