Cisco IOS XE Software Diagnostic Shell Path Traversal Vulnerability (cisco-sa-20180207-ios)
Medium Nessus Plugin ID 107091
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAccording to its self-reported version, the Cisco IOS XE software running on the remote device is affected by a path traversal vulnerability. A flaw exists with the diagnostic shell due to improper validation of diagnostic shell commands. An authenticated attacker, with a specially craft command, could potentially overwrite restricted system files.
SolutionUpgrade to the relevant fixed version referenced in Cisco Security Advisory cisco-sa-20180207-ios.