Multiple Cisco products contain a vulnerability that could allow a local malicious user to gain shell access with root privileges. The vulnerability is due to incorrect validation of user-supplied input processed by the command-line interface (CLI) on Cisco products running the affected software. A local attacker with access to an affected device could exploit this vulnerability by submitting specially crafted input to be processed by the vulnerable component. Successful exploitation could allow an malicious user to gain shell access with root privileges on a targeted system, which could result in a complete system compromise. Cisco has confirmed the vulnerability; however, software updates are not available. To exploit this vulnerability, the attacker must have local access to a targeted system. This access restriction limits the possibility of a successful exploit. Customers are advised to review the bug reports in the vendor announcements section for a current list of affected products and versions.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cisco identity services engine software - |
||
cisco secure access control system - |
||
cisco application networking manager - |
||
cisco prime network control system - |
||
cisco context directory agent - |
||
cisco prime lan management solution - |
||
cisco quad - |
||
cisco prime collaboration - |
||
cisco unified provisioning manager - |
||
cisco network services manager - |
Vulmon