CVE-2017-6606

A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. More Information: CSCuz06639 CSCuz42122. Known Affected Releases: 15.6(1.1)S 16.1.2 16.2.0 15.2(1)E. Known Fixed Releases: Denali-16.1.3 16.2(1.8) 16.1(2.61) 15.6(2)SP 15.6(2)S1 15.6(1)S2 15.5(3)S3a 15.5(3)S3 15.5(2)S4 15.5(1)S4 15.4(3)S6a 15.4(3)S6 15.3(3)S8a 15.3(3)S8 15.2(5)E 15.2(4)E3 15.2(3)E5 15.0(2)SQD3 15.0(1.9.2)SQD3 3.9(0)E.

Published: Apr 7, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-6606
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.4
AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
cisco / ios_xe	3.2.10sg	3.2.10sg.x
cisco / ios_xe	3.3.0sq	3.3.0sq.x
cisco / ios_xe	3.13.2s	3.13.2s.x
cisco / ios_xe	3.2.0sg	3.2.0sg.x
cisco / ios_xe	3.10.6s	3.10.6s.x
cisco / ios_xe	3.6.2s	3.6.2s.x
cisco / ios_xe	3.7.2ts	3.7.2ts.x
cisco / ios_xe	3.5.0s	3.5.0s.x
cisco / ios_xe	3.7.4e	3.7.4e.x
cisco / ios_xe	3.15.1cs	3.15.1cs.x
cisco / ios_xe	3.13.4s	3.13.4s.x
cisco / ios_xe	3.4.1s	3.4.1s.x
cisco / ios_xe	3.4.1sg	3.4.1sg.x
cisco / ios_xe	3.3.1sq	3.3.1sq.x
cisco / ios_xe	16.2.1	16.2.1.x
cisco / ios_xe	3.13.0s	3.13.0s.x
cisco / ios_xe	3.3.1s	3.3.1s.x
cisco / ios_xe	3.2.9sg	3.2.9sg.x
cisco / ios_xe	3.6.5ae	3.6.5ae.x
cisco / ios_xe	3.7.1e	3.7.1e.x
cisco / ios_xe	3.6.4e	3.6.4e.x
cisco / ios_xe	16.1.2	16.1.2.x
cisco / ios_xe	3.6.6e	3.6.6e.x
cisco / ios_xe	3.8.0s	3.8.0s.x
cisco / ios_xe	3.3.4se	3.3.4se.x
cisco / ios_xe	3.16.0s	3.16.0s.x
cisco / ios_xe	3.8.1s	3.8.1s.x
cisco / ios_xe	3.14.1s	3.14.1s.x
cisco / ios_xe	3.7.1s	3.7.1s.x
cisco / ios_xe	3.12.2s	3.12.2s.x
cisco / ios_xe	3.6.0e	3.6.0e.x
cisco / ios_xe	3.3.2s	3.3.2s.x
cisco / ios_xe	3.10.5s	3.10.5s.x
cisco / ios_xe	3.2.1xo	3.2.1xo.x
cisco / ios_xe	3.2.8sg	3.2.8sg.x
cisco / ios_xe	3.5.1e	3.5.1e.x
cisco / ios_xe	3.4.2sg	3.4.2sg.x
cisco / ios_xe	3.3.5se	3.3.5se.x
cisco / ios_xe	3.4.4sg	3.4.4sg.x
cisco / ios_xe	3.10.1s	3.10.1s.x
cisco / ios_xe	3.9.0s	3.9.0s.x
cisco / ios_xe	3.2.0xo	3.2.0xo.x
cisco / ios_xe	3.3.1sg	3.3.1sg.x
cisco / ios_xe	3.17.1as	3.17.1as.x
cisco / ios_xe	3.6.2ae	3.6.2ae.x
cisco / ios_xe	3.10.2s	3.10.2s.x
cisco / ios_xe	3.5.2s	3.5.2s.x
cisco / ios_xe	3.4.6sg	3.4.6sg.x
cisco / ios_xe	3.3.3se	3.3.3se.x
cisco / ios_xe	3.4.1sq	3.4.1sq.x
cisco / ios_xe	3.6.1s	3.6.1s.x
cisco / ios_xe	3.18.0as	3.18.0as.x
cisco / ios_xe	3.7.0bs	3.7.0bs.x
cisco / ios_xe	3.6.0s	3.6.0s.x
cisco / ios_xe	3.16.2s	3.16.2s.x
cisco / ios_xe	3.6.7e	3.6.7e.x
cisco / ios_xe	3.9.2s	3.9.2s.x
cisco / ios_xe	3.3.2se	3.3.2se.x
cisco / ios_xe	3.16.0cs	3.16.0cs.x
cisco / ios_xe	3.4.0as	3.4.0as.x
cisco / ios_xe	3.13.5s	3.13.5s.x
cisco / ios_xe	3.11.2s	3.11.2s.x
cisco / ios_xe	3.15.0s	3.15.0s.x
cisco / ios_xe	3.13.5as	3.13.5as.x
cisco / ios_xe	3.14.3s	3.14.3s.x
cisco / ios_xe	3.2.2se	3.2.2se.x
cisco / ios_xe	3.4.6s	3.4.6s.x
cisco / ios_xe	3.2.7sg	3.2.7sg.x
cisco / ios_xe	3.10.1xbs	3.10.1xbs.x
cisco / ios_xe	3.7.6s	3.7.6s.x
cisco / ios_xe	3.2.3se	3.2.3se.x
cisco / ios_xe	3.2.3sg	3.2.3sg.x
cisco / ios_xe	3.11.3s	3.11.3s.x
cisco / ios_xe	3.4.8sg	3.4.8sg.x
cisco / ios_xe	3.15.3s	3.15.3s.x
cisco / ios_xe	3.3.1se	3.3.1se.x
cisco / ios_xe	3.3.1xo	3.3.1xo.x
cisco / ios_xe	3.10.2ts	3.10.2ts.x
cisco / ios_xe	3.4.3s	3.4.3s.x
cisco / ios_xe	3.10.3s	3.10.3s.x
cisco / ios_xe	3.14.0s	3.14.0s.x
cisco / ios_xe	3.5.2e	3.5.2e.x
cisco / ios_xe	3.2.11sg	3.2.11sg.x
cisco / ios_xe	3.10.7s	3.10.7s.x
cisco / ios_xe	3.7.7s	3.7.7s.x
cisco / ios_xe	3.3.2sg	3.3.2sg.x
cisco / ios_xe	3.5.2sq	3.5.2sq.x
cisco / ios_xe	3.2.6sg	3.2.6sg.x
cisco / ios_xe	3.16.1s	3.16.1s.x
cisco / ios_xe	3.2.1sg	3.2.1sg.x
cisco / ios_xe	3.3.0se	3.3.0se.x
cisco / ios_xe	3.4.5sg	3.4.5sg.x
cisco / ios_xe	3.11.0s	3.11.0s.x
cisco / ios_xe	3.12.0as	3.12.0as.x
cisco / ios_xe	3.9.1s	3.9.1s.x
cisco / ios_xe	3.2.1s	3.2.1s.x
cisco / ios_xe	3.1.0sg	3.1.0sg.x
cisco / ios_xe	3.1.2s	3.1.2s.x
cisco / ios_xe	3.4.0s	3.4.0s.x
cisco / ios_xe	3.4.4s	3.4.4s.x
cisco / ios_xe	3.4.3sg	3.4.3sg.x
cisco / ios_xe	3.15.1s	3.15.1s.x
cisco / ios_xe	16.1.1	16.1.1.x
cisco / ios_xe	3.1.1s	3.1.1s.x
cisco / ios_xe	3.2.2s	3.2.2s.x
cisco / ios_xe	3.8.2e	3.8.2e.x
cisco / ios_xe	3.7.0s	3.7.0s.x
cisco / ios_xe	3.18.0s	3.18.0s.x
cisco / ios_xe	3.4.0sq	3.4.0sq.x
cisco / ios_xe	3.10.0s	3.10.0s.x
cisco / ios_xe	3.8.2s	3.8.2s.x
cisco / ios_xe	3.7.3e	3.7.3e.x
cisco / ios_xe	3.17.0s	3.17.0s.x
cisco / ios_xe	3.4.2s	3.4.2s.x
cisco / ios_xe	3.7.2e	3.7.2e.x
cisco / ios_xe	3.5.3e	3.5.3e.x
cisco / ios_xe	3.1.0s	3.1.0s.x
cisco / ios_xe	3.6.3e	3.6.3e.x
cisco / ios_xe	3.3.2xo	3.3.2xo.x
cisco / ios_xe	3.8.1e	3.8.1e.x
cisco / ios_xe	3.1.4s	3.1.4s.x
cisco / ios_xe	3.7.4s	3.7.4s.x
cisco / ios_xe	3.17.1s	3.17.1s.x
cisco / ios_xe	3.15.2s	3.15.2s.x
cisco / ios_xe	3.1.4as	3.1.4as.x
cisco / ios_xe	3.14.2s	3.14.2s.x
cisco / ios_xe	3.5.0sq	3.5.0sq.x
cisco / ios_xe	3.3.0s	3.3.0s.x
cisco / ios_xe	3.16.2bs	3.16.2bs.x
cisco / ios_xe	3.16.1as	3.16.1as.x
cisco / ios_xe	3.2.4sg	3.2.4sg.x
cisco / ios_xe	3.12.0s	3.12.0s.x
cisco / ios_xe	3.12.1s	3.12.1s.x
cisco / ios_xe	3.12.4s	3.12.4s.x
cisco / ios_xe	3.3.0xo	3.3.0xo.x
cisco / ios_xe	3.7.5s	3.7.5s.x
cisco / ios_xe	3.13.3s	3.13.3s.x
cisco / ios_xe	3.7.2s	3.7.2s.x
cisco / ios_xe	3.2.1se	3.2.1se.x
cisco / ios_xe	3.7.0e	3.7.0e.x
cisco / ios_xe	3.4.0sg	3.4.0sg.x
cisco / ios_xe	3.6.1e	3.6.1e.x
cisco / ios_xe	3.13.2as	3.13.2as.x
cisco / ios_xe	3.6.5e	3.6.5e.x
cisco / ios_xe	3.11.4s	3.11.4s.x
cisco / ios_xe	3.13.0as	3.13.0as.x
cisco / ios_xe	3.5.0e	3.5.0e.x
cisco / ios_xe	3.1.3s	3.1.3s.x
cisco / ios_xe	3.4.5s	3.4.5s.x
cisco / ios_xe	3.5.1s	3.5.1s.x
cisco / ios_xe	3.12.3s	3.12.3s.x
cisco / ios_xe	3.7.3s	3.7.3s.x
cisco / ios_xe	3.2.0se	3.2.0se.x
cisco / ios_xe	3.13.1s	3.13.1s.x
cisco / ios_xe	3.1.1sg	3.1.1sg.x
cisco / ios_xe	3.2.2sg	3.2.2sg.x
cisco / ios_xe	3.5.1sq	3.5.1sq.x
cisco / ios_xe	3.10.4s	3.10.4s.x
cisco / ios_xe	3.8.0e	3.8.0e.x
cisco / ios_xe	3.16.2as	3.16.2as.x
cisco / ios_xe	3.4.7sg	3.4.7sg.x
cisco / ios_xe	3.3.0sg	3.3.0sg.x
cisco / ios_xe	3.11.1s	3.11.1s.x
cisco / ios_xe	3.2.5sg	3.2.5sg.x

Vulnerability Database

290,273

CVE-2017-6606