General

Symptom: A vulnerability in the command line interface (CLI) of Cisco IOS XR Software could allow an authenticated, local attacker to conduct an argument injection attack on a targeted system. The vulnerability is due to insufficiently delimiting the arguments passed to a component in another control sphere. An attacker could exploit this vulnerability by using argument injection methods to copy files into restricted folders. An exploit could allow the attacker to perform an argument injection attack which could allow the attacker to view arbitrary files on the system. Conditions: Device with default configuration. Workaround: None. PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 1.7/1.6: http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:S/C:N/I:P/A:N/E:F/RL:U/RC:C&version=2.0 No CVE ID has been assigned to this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html Further Problem Description: