Vulnslist


Cisco ASR 5000 Series Software Local Command Injection Vulnerability

Cisco-SA-20150709-CVE-2015-4244 · Severity: Medium

A vulnerability in the boot process of the Cisco ASR 5000 and ASR 5500 (ASR5K) System Software could allow an authenticated, local attacker to cause a list of Linux commands to be executed during the boot process. The vulnerability is due to improper reading of a local file on Compact Flash (CF) during boot. An attacker could exploit this vulnerability by logging in as an administrator-privileged user and writing a file containing a set of Linux commands to CF; the commands in that file are then executed at boot time, outside the normal command set of the boot sequence. Cisco has confirmed the vulnerability and released software updates. To exploit the vulnerability, an attacker must be able to log in locally to the device and already hold permissions sufficient to write to device storage. These access requirements greatly reduce the potential for exploitation, but they also mean the issue is a privilege-persistence problem: a user who is already an administrator gains unlogged code execution at boot, which survives a reload.

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to access local systems.

Administrators are advised to monitor affected systems.
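One concrete way to act on the monitoring advice is a baseline-and-diff integrity check over the device's storage: take SHA-256 digests of every file on the Compact Flash from a known-good state, then compare periodically and flag anything added or modified, since the exploit described above requires writing a new file to CF. The script below is an added example, not Cisco's code and not part of the advisory. It assumes the CF contents have been copied to a directory on an off-box host; the directory layout and file names in the demo (flash/config.cfg, flash/image.bin, flash/startup.sh) are constructed for illustration, and the advisory does not name the file that the boot process actually reads.

```python
"""Baseline-and-diff integrity check over an off-box copy of device storage.

Added example; not Cisco's code and not part of the advisory. Assumes the
Compact Flash (CF) contents have been copied to a directory on a host and
that a baseline taken from a known-good state is kept on that host.
"""
import hashlib
import json
import sys
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large images need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map every regular file under root (POSIX-style relative path) to its digest."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff_snapshots(baseline: dict, current: dict) -> dict:
    """Report files added, removed, or changed relative to the baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(k for k in common if baseline[k] != current[k]),
    }


def is_clean(report: dict) -> bool:
    """True when nothing was added, removed or modified since the baseline."""
    return not (report["added"] or report["removed"] or report["modified"])


def run_demo() -> dict:
    """Constructed sample: baseline a fake CF copy, then simulate an administrator
    dropping a file of shell commands and editing the config. All file names are
    hypothetical; the advisory does not name the file read at boot."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "flash").mkdir()
        (root / "flash" / "config.cfg").write_text("hostname asr5k-lab\n")
        (root / "flash" / "image.bin").write_bytes(b"\x7fELF" + b"\x00" * 16)
        baseline = snapshot(root)
        # Simulated tampering after the baseline was taken.
        (root / "flash" / "startup.sh").write_text("id > /tmp/marker\n")
        (root / "flash" / "config.cfg").write_text("hostname asr5k-lab\n! edited\n")
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    # Usage: cf_integrity.py baseline <cf_copy_dir> <baseline.json>
    #        cf_integrity.py check    <cf_copy_dir> <baseline.json>
    # With no arguments, run the constructed demo instead.
    if len(sys.argv) != 4 or sys.argv[1] not in ("baseline", "check"):
        print(json.dumps(run_demo(), indent=2))
        sys.exit(0)
    mode, cf_dir, baseline_file = sys.argv[1], Path(sys.argv[2]), Path(sys.argv[3])
    if mode == "baseline":
        baseline_file.write_text(json.dumps(snapshot(cf_dir), indent=2, sort_keys=True))
    else:
        report = diff_snapshots(json.loads(baseline_file.read_text()), snapshot(cf_dir))
        print(json.dumps(report, indent=2))
        sys.exit(0 if is_clean(report) else 1)
```

Run `check` on a schedule and treat a non-zero exit as an alert. Because the attacker in this advisory is already an administrator on the box, the baseline and the comparison must live off-box, where that administrator cannot rewrite them; an integrity check stored on the same CF proves nothing.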

CVEs: CVE-2015-4244
Cisco Bug IDs: CSCuu75278
CVSS Score: Base 6.8 (CVSS v2 vector AV:L/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Product Names From Source: Cisco ASR 5000 Series Software

CSAF Product Statuses

Product                         Status          Source      CVE            Rows
Cisco ASR 5000 Series Software  known_affected  cisco_csaf  CVE-2015-4244  1

Related Products

Product                         CVE            Evidence
Cisco ASR 5000 Series Software  CVE-2015-4244  Cisco OpenVuln (family-level)