CVE-2015-6385

The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging administrative access to enter crafted environment variables, aka Bug ID CSCux14943.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:cisco:ios:15.5\(2\)s:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.5\(3\)s:*:*:*:*:*:*:*

History

21 Nov 2024, 02:34

Type Values Removed Values Added
References () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-csr - Vendor Advisory () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-csr - Vendor Advisory
References () http://www.securitytracker.com/id/1034274 - () http://www.securitytracker.com/id/1034274 -

Information

Published : 2015-12-01 11:59

Updated : 2024-11-21 02:34


NVD link : CVE-2015-6385

Mitre link : CVE-2015-6385

CVE.ORG link : CVE-2015-6385


JSON object : View

Products Affected

cisco

  • ios
CWE
CWE-20

Improper Input Validation