CVE-2015-4244

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

T

he boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash (CF) file, aka Bug ID CSCuu75278.

References

Link	Resource
http://tools.cisco.com/security/center/viewAlert.x?alertId=39677	Vendor Advisory
http://www.securitytracker.com/id/1032839	Third Party Advisory VDB Entry
http://tools.cisco.com/security/center/viewAlert.x?alertId=39677	Vendor Advisory
http://www.securitytracker.com/id/1032839	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:asr_5000_series_software:14.0:*:*:*:*:*:*:*

History

21 Nov 2024, 02:30

Type	Values Removed	Values Added
References	~~() http://tools.cisco.com/security/center/viewAlert.x?alertId=39677 - Vendor Advisory~~	() http://tools.cisco.com/security/center/viewAlert.x?alertId=39677 - Vendor Advisory
References	~~() http://www.securitytracker.com/id/1032839 - Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1032839 - Third Party Advisory, VDB Entry

Information

Published : 2015-07-10 10:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-4244

Mitre link : CVE-2015-4244

CVE.ORG link : CVE-2015-4244

JSON object : View

Products Affected

asr_5000_series_software

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2015-4244", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-07-10T10:59:00.067", "references": [{"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39677", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://www.securitytracker.com/id/1032839", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39677", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1032839", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash (CF) file, aka Bug ID CSCuu75278."}, {"lang": "es", "value": "La ejecuci\u00f3n del arranque en dispositivos Cisco ASR 5000 y 5500 con versi\u00f3n de software 14.0 permite a usuarios locales ejecutar arbitrariamente comandos Linux al aprovechar privilegios de administrador y guardar dichos comandos en un dispositivo Compact Flash (CF), tambi\u00e9n conocido como Bug ID CSCuu75278."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:asr_5000_series_software:14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49A06298-B095-4242-A178-F14EAF7FA014"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}