RCE in Cisco Asr_5000_series_software
CVE-2015-4244
The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash (CF) file, aka Bu…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.002 (39.4th percentile)
Affected products
- Cisco Asr_5000_series_software — versions 14.0
References
- 1032839 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
- 20150709 Cisco ASR 5000 Series Software Local Command Injection Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)