Published: 07/11/2014 Updated: 08/09/2017

CVSS v2 Base Score: 6.8 | Impact Score: 10 | Exploitability Score: 3.1

VMScore: 605

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Cisco IOS XE 3.5E and previous versions on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco ios_xe
cisco ws-c3860
cisco air-ct5760
cisco ws-c3850

A vulnerability in the request system shell command supported by specific Cisco IOS XE platforms (WS-C3850, WS-C3650, AIR-CT5760, and WS-C4500X) could allow an authenticated, local attacker with administrative privilege (15) to access the underlying Linux root shell The vulnerability is due to improper parsing of the challenge response An attack ...

CWE-20 http://tools.cisco.com/security/center/viewAlert.x?alertId=36351 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7990 http://www.securityfocus.com/bid/70968 http://www.securitytracker.com/id/1031179 https://exchange.xforce.ibmcloud.com/vulnerabilities/98529 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20141106-CVE-2014-7990

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-7990

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect