Cumulus · Cumulus Linux · CVE-2015-5699
**Name of the Vulnerable Software and Affected Versions**
Cumulus Linux versions 2.5.3 and earlier
**Description**
The issue is related to insufficient access control in the Switch Configuration Tools Backend component of Cumulus Linux, allowing local users to execute arbitrary commands. This can be achieved by using shell metacharacters in a `cl-rctl` command label.
**Recommendations**
For Cumulus Linux versions 2.5.3 and earlier, consider restricting access to the `cl-rctl` command to minimize the risk of exploitation until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.