CSCvg41950 - Cisco IOS XE Software Diagnostic Shell Path Traversal Vulnerability
03-01-2018 12:21 PM - edited 03-20-2019 09:57 PM
So does this affect only the 16.7 code train or every IOS XE version (16.x and 3.16.x) before 16.8?
03-23-2018 05:48 AM
Has anyone confirmed the affected IOS XE train?
04-04-2018 08:28 AM
Nessus scans are showing it on 3.x and 16.x for us - is this why you are asking? I don't see it being addressed or patched in the March 16.3.5 release either.
04-04-2018 08:40 AM
Yes and no. I'm asking because my systems are not running the 16.3 train code. I'm using 15.xx, IOS XE train. But commonly, Cisco's newly discovered bugs impact older code, they just did express that when the code was released. Like Microsoft, we don't always push the latest version because of the new findings. I allow everyone else to experience the pain first.

05-16-2018 12:45 PM
Hello:
According to the CSCvg41950 release notes:
As of March 13th, 2017, all Cisco IOS XE software releases are affected by this vulnerability.
As of today, the following trains have the fix or will have the fix when it releases.
16.8.1
16.7(2)
16.6(4)
16.5(2)
16.3(7)
The next rebuild, 3.16.8S, should have the fix to address the issue in 3.x trains.
