Vulnerability Details : CVE-2018-0176
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has user EXEC mode (privilege level 1) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCtw85441, CSCus42252, CSCuv95370.
Products affected by CVE-2018-0176
- cpe:2.3:o:cisco:ios_xe:16.2\(0\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:15.0\(5.59\)emd:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:16.1\(0\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0176
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 17 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0176
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2018-0176
-
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
-
Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2018-0176
-
http://www.securityfocus.com/bid/103567
Cisco IOS XE Software Multiple Local Privilege Escalation VulnerabilitiesThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1040583
Cisco IOS XE Command Line Interface Validation Bugs Let Local Users Obtain Root Privileges - SecurityTrackerThird Party Advisory;VDB Entry
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc1
Cisco IOS XE Software User EXEC Mode Root Shell Access VulnerabilitiesVendor Advisory
Jump to