Cisco IOS and IOS XE iox Command Injection Vulnerability

A vulnerability exists in the iox command in Cisco IOS and IOS XE Software that could allow an authenticated, local attacker to perform command injection into the IOx Linux guest operating system (GOS).

This vulnerability is due to insufficient input validation of iox command line arguments. An attacker could exploit this vulnerability by providing crafted options to the iox command. An exploit could allow the attacker to execute commands of their choice in the Linux GOS.

Cisco has not released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/2cVboZ2 A vulnerability exists in the iox command in Cisco IOS and IOS XE Software that could allow an authenticated, local attacker to perform command injection into the IOx Linux guest operating system (GOS).

This vulnerability is due to insufficient input validation of iox command line arguments. An attacker could exploit this vulnerability by providing crafted options to the iox command. An exploit could allow the attacker to execute commands of their choice in the Linux GOS.

Cisco has not released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/2cVboZ2
Security Impact Rating: Medium
CVE: CVE-2016-6414

from Cisco Security Advisory http://ift.tt/2cVboZ2