The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging administrative access to enter crafted environment variables, aka Bug ID CSCux14943.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:34
Type | Values Removed | Values Added |
---|---|---|
References | () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-csr - Vendor Advisory | |
References | () http://www.securitytracker.com/id/1034274 - |
Information
Published : 2015-12-01 11:59
Updated : 2024-11-21 02:34
NVD link : CVE-2015-6385
Mitre link : CVE-2015-6385
CVE.ORG link : CVE-2015-6385
JSON object : View
Products Affected
cisco
- ios
CWE
CWE-20
Improper Input Validation