Cisco IOS XE Software CVE-2017-6606 Local Command Execution Vulnerability

Cisco IOS XE Software is prone to a local command-execution vulnerability.

A local attacker can exploit this issue to execute arbitrary commands within the context of the application.

This issue is being tracked by Cisco Bug ID's CSCuz06639 and CSCuz42122.

Information

Bugtraq ID: 97434
Class: Design Error
CVE: CVE-2017-6606

Remote: No
Local: Yes
Published: Apr 05 2017 12:00AM
Credit: Cisco.
Vulnerable: Cisco Ios 16.2
Cisco Ios 16.1.2
Cisco Ios 15.6(1.1)S
Cisco IOS 15.2(1)E

Not Vulnerable:

References:

• Cisco Homepage (Cisco)
  
• Cisco IOS XE Software Startup Script Local Command Execution Vulnerability (Cisco)
  

Source: www.securityfocus.com