Cisco IOS XE CLI Parser Argument command injection

Summaryinfo

A vulnerability, which was classified as critical, was found in Cisco IOS XE. The impacted element is an unknown function of the component CLI Parser. Such manipulation as part of Argument leads to command injection. This vulnerability is listed as CVE-2018-0477. The attack must be carried out locally. There is no available exploit. You should upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as critical, has been found in Cisco IOS XE (Router Operating System) (affected version not known). Affected by this issue is some unknown functionality of the component CLI Parser. The manipulation as part of a Argument leads to a command injection vulnerability. Using CWE to declare the problem leads to CWE-77. The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. Impacted is confidentiality, integrity, and availability. CVE summarizes:

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device.

The bug was discovered 09/26/2018. The weakness was presented 10/05/2018 as cisco-sa-20180926-iosxe-cmdinj as confirmed advisory (Website). The advisory is shared for download at tools.cisco.com. This vulnerability is handled as CVE-2018-0477 since 11/26/2017. The attack needs to be approached locally. A simple authentication is required for exploitation. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1202.

The vulnerability scanner Nessus provides a plugin with the ID 117947 (Cisco IOS XE Software Command Injection Vulnerabilities (cisco-sa-20180926-iosxe-cmdinj)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CISCO and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 316322 (Cisco IOS XE Software Command Injection Vulnerabilities(cisco-sa-20180926-iosxe-cmdinj)).

Upgrading eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at Tenable (117947). See VDB-124870 for similar entry. Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Router Operating System

Vendor

• Cisco

Name

• IOS XE

License

• commercial

Website

• Vendor: https://www.cisco.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion