CVE-2015-5699

Name of the Vulnerable Software and Affected Versions Cumulus Linux versions 2.5.3 and earlier

Description The issue is related to insufficient access control in the Switch Configuration Tools Backend component of Cumulus Linux, allowing local users to execute arbitrary commands. This can be achieved by using shell metacharacters in a cl-rctl command label.

Recommendations For Cumulus Linux versions 2.5.3 and earlier, consider restricting access to the cl-rctl command to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.