PT-2015-7215 · Cisco · Cisco Ios
Published
2015-12-01
·
Updated
2017-09-14
·
CVE-2015-6385
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco IOS versions 15.5(2)S through 15.5(3)S
Description
The issue allows local users to execute arbitrary commands with root privileges by leveraging administrative access to enter crafted environment variables.
Recommendations
For Cisco IOS versions 15.5(2)S through 15.5(3)S, consider restricting administrative access to prevent exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Ios