CVE-2019-12666

A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker could exploit this vulnerability by first accessing the Guest Shell and then entering specific commands. A successful exploit could allow the attacker to execute arbitrary code on the base Linux operating system.

Published: Sep 25, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-12666
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
cisco / ios_xe	16.11.1	16.11.1.x
cisco / ios_xe	16.7	16.9.3
cisco / ios_xe	16.4	16.6.5

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-dt

Vulnerability Database

290,273

CVE-2019-12666