CVE-2019-12661— Cisco IOS XE Software Virtualization Manager CLI Command Injection Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-12661
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco IOS XE Software Virtualization Manager CLI Command Injection Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on the affected device. An attacker who has administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges, which may lead to complete system compromise.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco IOS XE 操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco IOS XE是美国思科(Cisco)公司的一套为其网络设备开发的操作系统。 Cisco IOS XE中与Virtualization Manager (VMAN)有关的CLI命令存在操作系统命令注入漏洞,该漏洞源于程序没有充分验证传入到VMAN CLI命令的参数。本地攻击者可利用该漏洞以root权限在底层Linux操作系统上执行任意命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco IOS XE Software | unspecified ~ n/a | - |
II. Public POCs for CVE-2019-12661
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-12661
请登录查看更多情报信息。
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-vman-cmd-injectionvendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2019-12661
Same Patch Batch · Cisco · 2019-09-25 · 29 CVEs total
| CVE-2019-12671 | Cisco IOS XE Software Consent Token Bypass Vulnerability | |
| CVE-2019-12646 | Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of | |
| CVE-2019-12650 | Cisco IOS XE Software Web UI Command Injection Vulnerabilities | |
| CVE-2019-12649 | Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability | |
| CVE-2019-12648 | Cisco IOx for IOS Software Guest Operating System Unauthorized Access Vulnerability | |
| CVE-2019-12647 | Cisco IOS and IOS XE Software IP Ident Denial of Service Vulnerability | |
| CVE-2019-12651 | Cisco IOS XE Software Web UI Command Injection Vulnerabilities | |
| CVE-2019-12653 | Cisco IOS XE Software Raw Socket Transport Denial of Service Vulnerability | |
| CVE-2019-12665 | Cisco IOS and IOS XE Software HTTP Client Information Disclosure Vulnerability | |
| CVE-2019-12663 | Cisco IOS XE Software TrustSec Protected Access Credential Provisioning Denial of Service | |
| CVE-2019-12659 | Cisco IOS XE Software HTTP Server Denial of Service Vulnerability | |
| CVE-2019-12657 | Cisco IOS XE Software Unified Threat Defense Denial of Service Vulnerability | |
| CVE-2019-12655 | Cisco IOS XE Software FTP Application Layer Gateway for NAT, NAT64, and ZBFW Denial of Ser | |
| CVE-2019-12709 | Cisco IOS XR Software for Cisco ASR 9000 VMAN CLI Privilege Escalation Vulnerability | |
| CVE-2019-12672 | Cisco IOS XE Software Arbitrary Code Execution Vulnerability | |
| CVE-2019-12669 | Cisco IOS and IOS XE Software Change of Authorization Denial of Service Vulnerability | |
| CVE-2019-12667 | Cisco IOS XE Software Stored Cross-Site Scripting Vulnerability | |
| CVE-2019-12658 | Cisco IOS XE Software Filesystem Exhaustion Denial of Service Vulnerability | |
| CVE-2019-12656 | Cisco IOx Application Environment Denial of Service Vulnerability | |
| CVE-2019-12654 | Cisco IOS and IOS XE Software Session Initiation Protocol Denial of Service Vulnerability |
Showing top 20 of 29 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
Same weakness: CWE-77
- CVE-2026-8210
aandrew-me tgpt Update helper.go helper.Update command injec - CVE-2026-42258
net-imap: Command Injection via unvalidated Symbol inputs - CVE-2026-42453
Termix: Command injection in extractArchive/compressFiles vi - CVE-2026-42271
LiteLLM: Authenticated command execution via MCP stdio test - CVE-2026-41500
electerm has Command Injection Vulnerability via runMac func
V. Comments for CVE-2019-12661
No comments yet