A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. More Information: CSCuz06639 CSCuz42122. Known Affected Releases: 15.6(1.1)S 16.1.2 16.2.0 15.2(1)E. Known Fixed Releases: Denali-16.1.3 16.2(1.8) 16.1(2.61) 15.6(2)SP 15.6(2)S1 15.6(1)S2 15.5(3)S3a 15.5(3)S3 15.5(2)S4 15.5(1)S4 15.4(3)S6a 15.4(3)S6 15.3(3)S8a 15.3(3)S8 15.2(5)E 15.2(4)E3 15.2(3)E5 15.0(2)SQD3 15.0(1.9.2)SQD3 3.9(0)E.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/97434 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1038190 | |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-iosxe | Vendor Advisory |
http://www.securityfocus.com/bid/97434 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1038190 | |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-iosxe | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:30
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/97434 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1038190 - | |
References | () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-iosxe - Vendor Advisory |
Information
Published : 2017-04-07 17:59
Updated : 2024-11-21 03:30
NVD link : CVE-2017-6606
Mitre link : CVE-2017-6606
CVE.ORG link : CVE-2017-6606
JSON object : View
Products Affected
cisco
- ios_xe
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')