E19-7osr1
CVSS:
8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
False Positive:
f
Variants:
3
Year:
2019
Description
This strike exploits a command injection vulnerability in the WebUI component of Cisco IOS XE.
The vulnerability is due to improper validation of user-supplied form data via the WebUI.
A user with low privilege access can exploit this vulnerability by sending a crafted HTTP request to the target server.
Successful exploitation results in the execution of Cisco console commands with administrative privileges.