Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:CISCO:IOS-XE-CI |
|---|---|
Severity |
Critical |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Cisco IOS XE WebUI Privileged Command Injection |
Release Date |
2019/11/28 |
Update Number |
3228 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Cisco IOS XE WebUI Privileged Command Injection
This signature detects attempts to exploit a known vulnerability against WebUI component of Cisco IOS XE. A successful attack can lead to command injection and arbitrary code execution.
Extended Description
Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Affected Products
- Cisco ios 16.11.1
- Cisco ios_xe 16.6.5
- Cisco ios_xe 17.1.1
References
- CVE: CVE-2019-12651
- CVE: CVE-2019-12650