PT-2015-6480 · Linux Foundation+1 · Linux+2

Published

2015-07-10

Updated

2016-12-29

CVE-2015-4244

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco ASR 5000 and 5500 devices with software version 14.0

Description The issue allows local users with administrative privileges to execute arbitrary Linux commands on the device. This is achieved by storing the commands in a Compact Flash (CF) file, which can then be executed.

Recommendations For Cisco ASR 5000 and 5500 devices with software version 14.0, consider restricting administrative access to minimize the risk of exploitation until a fix is available.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2015-4244

Affected Products

Cisco Asr 5000

Cisco Asr 5500

Linux

PT-2015-6480 · Linux Foundation+1 · Linux+2

CVE-2015-4244

Weakness Enumeration

Related Identifiers

Affected Products

References · 3