Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.105470 |
Category: | CISCO |
Title: | Cisco ASR 1000 Series Root Shell License Bypass Vulnerability |
Summary: | A vulnerability in the way software packages are loaded in Cisco IOS XE Software for the Cisco Aggregation Services Routers (ASR) 1000 Series could allow an authenticated, local attacker to gain restricted root shell access. |
Description: | Summary: A vulnerability in the way software packages are loaded in Cisco IOS XE Software for the Cisco Aggregation Services Routers (ASR) 1000 Series could allow an authenticated, local attacker to gain restricted root shell access. Vulnerability Insight: The vulnerability is due to lack of proper input validation of file names at the command-line interface (CLI). Vulnerability Impact: An attacker could exploit this vulnerability by authenticating to the affected device and crafting specific file names for use when loading packages. An exploit could allow the authenticated attacker to bypass the license required for root shell access. If the authenticated user obtains the root shell access, further compromise is possible. Affected Software/OS: Cisco Aggregation Services Routers (ASR) 1000 Series version 15.4(3)S. Solution: Please see the vendor advisory for more information. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-6383 BugTraq ID: 78521 http://www.securityfocus.com/bid/78521 Cisco Security Advisory: 20151130 Cisco ASR 1000 Series Root Shell License Bypass Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-asa http://www.securitytracker.com/id/1034277 http://www.securitytracker.com/id/1034296 |
Copyright | This script is Copyright (C) 2015 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |