CVE-2014-7990

{"id": "CVE-2014-7990", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": true, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-11-07T11:55:03.907", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7990", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36351", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/70968", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1031179", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98529", "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7990", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36351", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/70968", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1031179", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98529", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the \"request system shell\" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815."}, {"lang": "es", "value": "Cisco IOS XE 3.5E y anteriores en los dispositivos WS-C3850, WS-C3860, y AIR-CT5760 no analiza debidamente la respuesta al reto 'solicitar el shell del sistema', lo que permite a usuarios locales obtener acceso al root de Linux mediante el aprovechamiento de privilegios administrativos, tambi\u00e9n conocido como Bug ID CSCur09815."}], "lastModified": "2024-11-21T02:18:23.293", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4712A4B-F64B-4FAB-A2B5-8131CDAA0069", "versionEndIncluding": "3.5e"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:air-ct5760:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F31DD728-F15E-4266-900E-2066D2FFD406"}, {"criteria": "cpe:2.3:h:cisco:ws-c3850:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F3E17D1-B221-471E-8261-BDB5D5C0F241"}, {"criteria": "cpe:2.3:h:cisco:ws-c3860:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D8598D2-BE8E-4059-B749-8A11C910B449"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}