Privilege Escalation Vulnerability in CiscoWorks Products
CVE-2006-1961

Currently unrated

Key Information:

Vendor: Cisco
Status: Wireless Lan Solution Engine; User Registration Tool
Vendor: CVE Published:; 21 April 2006

Summary

Cisco's Wireless LAN Solution Engine (WLSE) and related products are vulnerable to a privilege escalation issue. Local users can exploit this vulnerability to gain unauthorized Linux shell access by using shell metacharacters in arguments provided to the 'show' command in the command line interface (CLI). This flaw impacts the WLSE before version 2.13, the Hosting Solution Engine and User Registration Tool versions prior to April 19, 2006, as well as all versions of the Ethernet Subscriber Solution Engine and CiscoWorks2000 Service Management Solution. It is crucial for users of these products to investigate and apply necessary security measures as outlined in Cisco's advisories.

References

http://www.osvdb.org/24813

vdb-entryx_refsource_OSVDB

http://www.vupen.com/english/advisories/2006/1435

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/17609

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Apr 21, 2006
Vulnerability Reserved
Apr 21, 2006