Vulnslist

Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers Shell Bypass Vulnerability

cisco-sa-20170405-cme · Medium · Published · Updated

A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. The vulnerability is due to incorrect permissions being assigned to configured users on the device. An attacker could exploit this vulnerability by authenticating to the device and issuing certain commands at the CLI. A successful exploit could allow the attacker to access the underlying operating system shell with root access. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cme

Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2016-9197
Cisco Bug IDs: CSCvb70351
CVSS Score: Base 6.7 (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X)
Product Names From Source: Cisco Mobility Services Engine

Related Products

Product | CVE | Evidence
Cisco RV Series Routers | CVE-2016-9197 | Cisco OpenVuln
Cisco Nexus Dashboard | CVE-2016-9197 | Cisco OpenVuln
Cisco Mobility Services Engine | CVE-2016-9197 | Cisco OpenVuln
Cisco Mobility Express | CVE-2016-9197 | Cisco OpenVuln