A vulnerability exists in the command in Cisco IOS and IOS XE Software that could allow an authenticated, local attacker to perform command injection into the IOx Linux guest operating system (GOS) An exploit could allow the attacker to execute commands of their choice in the Linux GOS. Cisco has not released software updates that address this vulnerability. No workarounds that address iox command are available. No other Cisco products are currently known to be affected by the vulnerability. This advisory is available at the following link: http://www.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-iox.”]
Source: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-iox