HTTP: Cisco IOS XE WebUI Privileged Command Injection
This signature detects attempts to exploit a known vulnerability against WebUI component of Cisco IOS XE. A successful attack can lead to command injection and arbitrary code execution.
Extended Description
Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Affected Products
Cisco ios
Short Name
HTTP:CISCO:IOS-XE-CI
Severity
Critical
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2019-12650 CVE-2019-12651 CVE-2023-20273 Cisco Command IOS Injection Privileged WebUI XE
Release Date
11/28/2019
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3693
False Positive
Unknown
Vendors
Cisco
CVSS Score
9.0