PT-2015-7162 · Cisco · Cisco Asyncos

Published

2015-11-06

Updated

2016-12-07

CVE-2015-6298

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco AsyncOS versions 8.0.0 through 8.0.7, Cisco AsyncOS versions 8.1.x, Cisco AsyncOS versions 8.5.0 through 8.5.2, Cisco AsyncOS versions 8.6.x, Cisco AsyncOS versions 8.7.0 through 8.7.0-170, Cisco AsyncOS versions 8.8.0 through 8.8.0-084

Description The issue allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments.

Recommendations For Cisco AsyncOS version 8.0.x, update to version 8.0.8-113 or later. For Cisco AsyncOS version 8.1.x, update to a version after 8.1.x. For Cisco AsyncOS version 8.5.x, update to version 8.5.3-051 or later. For Cisco AsyncOS version 8.6.x, update to a version after 8.6.x. For Cisco AsyncOS version 8.7.x, update to version 8.7.0-171-LD or later. For Cisco AsyncOS version 8.8.x, update to version 8.8.0-085 or later.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2015-6298

Affected Products

Cisco Asyncos

PT-2015-7162 · Cisco · Cisco Asyncos

CVE-2015-6298

Weakness Enumeration

Related Identifiers

Affected Products

References · 3