cnvd - cnvd-2018-20299

cnvd-2018-20299

Vulnerability from cnvd

Title: Cisco IOS XE Software CLI解析器命令注入漏洞（CNVD-2018-20299）

Description:

Cisco IOS XE Software是美国思科（Cisco）公司的一套为其网络设备开发的操作系统。CLI parser是其中的一个命令行命令解析器。

Cisco IOS XE Software中的CLI解析器存在命令注入漏洞，该漏洞源于受影响的应用程序未能正确过滤命令参数。本地攻击者可通过执行带有自定义参数的CLI命令利用该漏洞以root权限在底层Linux shell上执行命令。

Severity: 高

Patch Name: Cisco IOS XE Software CLI解析器命令注入漏洞（CNVD-2018-20299）的补丁

Patch Description:

Cisco IOS XE Software是美国思科（Cisco）公司的一套为其网络设备开发的操作系统。CLI parser是其中的一个命令行命令解析器。

Cisco IOS XE Software中的CLI解析器存在命令注入漏洞，该漏洞源于受影响的应用程序未能正确过滤命令参数。本地攻击者可通过执行带有自定义参数的CLI命令利用该漏洞以root权限在底层Linux shell上执行命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj

Reference: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj

Impacted products

Name
Cisco IOS XE Software

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0481"
    }
  },
  "description": "Cisco IOS XE Software\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002CLI parser\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u547d\u4ee4\u884c\u547d\u4ee4\u89e3\u6790\u5668\u3002\r\n\r\nCisco IOS XE Software\u4e2d\u7684CLI\u89e3\u6790\u5668\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u547d\u4ee4\u53c2\u6570\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u6267\u884c\u5e26\u6709\u81ea\u5b9a\u4e49\u53c2\u6570\u7684CLI\u547d\u4ee4\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5root\u6743\u9650\u5728\u5e95\u5c42Linux shell\u4e0a\u6267\u884c\u547d\u4ee4\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-20299",
  "openTime": "2018-09-30",
  "patchDescription": "Cisco IOS XE Software\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002CLI parser\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u547d\u4ee4\u884c\u547d\u4ee4\u89e3\u6790\u5668\u3002\r\n\r\nCisco IOS XE Software\u4e2d\u7684CLI\u89e3\u6790\u5668\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u547d\u4ee4\u53c2\u6570\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u6267\u884c\u5e26\u6709\u81ea\u5b9a\u4e49\u53c2\u6570\u7684CLI\u547d\u4ee4\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5root\u6743\u9650\u5728\u5e95\u5c42Linux shell\u4e0a\u6267\u884c\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco IOS XE Software CLI\u89e3\u6790\u5668\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2018-20299\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco IOS XE Software"
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj",
  "serverity": "\u9ad8",
  "submitTime": "2018-09-30",
  "title": "Cisco IOS XE Software CLI\u89e3\u6790\u5668\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2018-20299\uff09"
}

CVE-2018-0481 (GCVE-0-2018-0481)

Vulnerability from cvelistv5

Published

2018-10-05 14:00

Modified

2024-11-26 14:36

Severity ?

CWE

CWE-77

Summary

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj	vendor-advisory, x_refsource_CISCO
	http://www.securitytracker.com/id/1041737	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	Cisco	Cisco IOS XE Software	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:10.753Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20180926 Cisco IOS XE Software Command Injection Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj"
          },
          {
            "name": "1041737",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041737"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0481",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-25T18:51:22.179698Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T14:36:54.049Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XE Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-07T09:57:02",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20180926 Cisco IOS XE Software Command Injection Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj"
        },
        {
          "name": "1041737",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041737"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20180926-iosxe-cmdinj",
        "defect": [
          [
            "CSCvh02919",
            "CSCvh54202"
          ]
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Cisco IOS XE Software Command Injection Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2018-09-26T16:00:00-0500",
          "ID": "CVE-2018-0481",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOS XE Software Command Injection Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS XE Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20180926 Cisco IOS XE Software Command Injection Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj"
            },
            {
              "name": "1041737",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041737"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20180926-iosxe-cmdinj",
          "defect": [
            [
              "CSCvh02919",
              "CSCvh54202"
            ]
          ],
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0481",
    "datePublished": "2018-10-05T14:00:00Z",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-26T14:36:54.049Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted