virus logo Intrusion Prevention

Cisco.IOS.XE.Web.UI.REST.Command.Injection

description-logoDescription

This indicates an attack attempt to exploit a Command Injection Vulnerability in Cisco IOS XE Software.
This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

description-logoOutbreak Alert

Active exploitation of a previously unknown vulnerabilities in the Web User Interface (Web UI) of Cisco IOS XE software when exposed to the internet or untrusted networks. According to open source articles, thousands of vulnerable devices have been compromised.

View the full Outbreak Alert Report

affected-products-logoAffected Products

Cisco IOS XE Software 17.9.x prior to 17.9.4a
Cisco IOS XE Software 17.6.x prior to 17.6.6a
Cisco IOS XE Software 17.3.x prior to 17.3.8a
Cisco IOS XE Software 16.12.x prior to 16.12.10a

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2023-11-27 26.684
Modified
 Sig Added
2023-11-27 26.684
Modified
 Default_action:pass:drop
2023-11-07 26.672
New
ID 54336
Created Nov 02, 2023
Updated Nov 27, 2023
CVE ID
Tags Cisco IOS XE Web UI Vulnerability
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Known Exploited Yes
Exploit Prediction Score 92.38%
Default Action drop
Active
Affected OS Linux
Affected App Cisco
Profile Type Code Injection