CVE-2016-9197
First published: Fri Apr 07 2017(Updated: )
A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0).
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Mobility Services Engine 3310 | =8.3.102.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-9197?
CVE-2016-9197 is considered a high severity vulnerability due to its potential to allow authenticated users to gain root-level access.
How do I fix CVE-2016-9197?
To mitigate CVE-2016-9197, update the affected Cisco Mobility Services Engine to a version that has patched this vulnerability.
Who is affected by CVE-2016-9197?
CVE-2016-9197 affects authenticated local users of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers.
What are the potential consequences of exploiting CVE-2016-9197?
Exploiting CVE-2016-9197 could lead to unauthorized access to the operating system shell with root-level privileges.
Is there a workaround for CVE-2016-9197?
There is no official workaround for CVE-2016-9197 besides applying the latest security updates provided by Cisco.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/event
- agent/first-publish-date
- agent/description
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco mobility services engine 3310
- version/cisco mobility services engine 3310/8.3.102.0