Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.105470
Category:CISCO
Title:Cisco ASR 1000 Series Root Shell License Bypass Vulnerability
Summary:A vulnerability in the way software packages are loaded in Cisco IOS XE Software for the Cisco Aggregation Services Routers (ASR) 1000 Series could allow an authenticated, local attacker to gain restricted root shell access.
Description:Summary:
A vulnerability in the way software packages are loaded in Cisco IOS XE Software for the Cisco Aggregation Services Routers (ASR) 1000 Series could allow an authenticated, local attacker to gain restricted root shell access.

Vulnerability Insight:
The vulnerability is due to lack of proper input validation of file names at the command-line interface (CLI).

Vulnerability Impact:
An attacker could exploit this vulnerability by authenticating to the affected device and crafting specific file names for use when loading packages. An exploit could allow the authenticated attacker to bypass the license required for root shell access. If the authenticated user obtains the root shell access, further compromise is possible.

Affected Software/OS:
Cisco Aggregation Services Routers (ASR) 1000 Series version 15.4(3)S.

Solution:
Please see the vendor advisory for more information.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-6383
BugTraq ID: 78521
http://www.securityfocus.com/bid/78521
Cisco Security Advisory: 20151130 Cisco ASR 1000 Series Root Shell License Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-asa
http://www.securitytracker.com/id/1034277
http://www.securitytracker.com/id/1034296
CopyrightThis script is Copyright (C) 2015 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.