![cisco ios xe 16.6.1 cisco ios xe 16.6.1](https://1.bp.blogspot.com/-MNz-UXP8ygA/XCwCyaLBPfI/AAAAAAAABac/4XXE7wkqYxAp61bsUZmmBexOaeSs2E-CgCLcBGAs/s1600/Cisco%2BIOS%2BXE.png)
This vulnerability was introduced in Cisco IOS XE Software Release 16.1.1. The default state of the HTTP Server feature is version-dependent. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the HTTP Server feature is enabled and authentication, authorization, and accounting (AAA) authorization is not configured for EXEC sessions. A successful exploit could allow the attacker to access an affected device with the privileges of the user who previously logged in to the web UI. An attacker who has valid credentials for an affected device could exploit this vulnerability by remotely accessing a VTY line to the device. The vulnerability exists because the affected software does not reset the privilege level for each web UI session. Cisco Bug IDs: CSCvd75185.Ī vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device.
CISCO IOS XE 16.6.1 CODE
The Cisco ASR 1000 Series Aggregation Services Routers and Cisco Cloud Services Router 1000V Series contain the same code logic, so affected trains have had the code fix applied however, on these two products, the vulnerability has not been observed in the field or successfully reproduced internally. In the field and internal testing, this vulnerability was only observed or reproduced on the Cisco cBR-8 Converged Broadband Router. This vulnerability affects the Cisco cBR-8 Converged Broadband Router, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco Cloud Services Router 1000V Series when configured with IPv6. An exploit could allow the attacker to cause an interface queue wedge. An attacker could exploit this vulnerability by sending crafted IPv6 packets through the device. The vulnerability is due to incorrect handling of crafted IPv6 packets. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542.Ī vulnerability in the Switch Integrated Security Features of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an interface queue wedge. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device.
![cisco ios xe 16.6.1 cisco ios xe 16.6.1](https://www.cisco.com/c/dam/en/us/td/i/200001-300000/270001-280000/273001-274000/273885.eps/_jcr_content/renditions/273885.jpg)
An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution.
![cisco ios xe 16.6.1 cisco ios xe 16.6.1](https://thaiitstore.com/media/catalog/product/cache/1/image/650x/8c4c821123cacd4e53e1ea39887fc156/c/i/cisco-catalyst-c9400-sup-1xl2-1.jpg)
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The default configuration for Cisco devices that are running Cisco IOS Software or Cisco IOS XE Software and support VTP is to operate in VTP server mode with no domain name configured. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software, are operating in VTP client mode or VTP server mode, and do not have a VTP domain name configured. There are workarounds that address this vulnerability. A successful exploit could allow the attacker to impact the ability to create, modify, or delete VLANs and cause a DoS condition. An attacker could exploit this vulnerability by sending VTP packets in a sequence that triggers a timeout in the VTP message processing code of the affected software. The vulnerability is due to a logic error in how the affected software handles a subset of VTP packets. A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition.