Cisco IOS XE WebUI Authenticated Command Injection

This strike exploits a command injection vulnerability in the WebUI component of Cisco IOS XE. The vulnerability is due to improper validation of user-supplied form data via the WebUI. An user with low privilege access can exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation results in the execution of Cisco console commands with administrative privileges.