Local Command Injection Vulnerability in Cisco ASR 5000 and 5500 Devices
CVE-2015-4244

Currently unrated

Key Information:

Vendor: Cisco
Status: Asr 5000 Series Software
Vendor: CVE Published:; 10 July 2015

Summary

The boot implementation in Cisco ASR 5000 and 5500 devices with software version 14.0 allows local users to execute arbitrary Linux commands. This vulnerability arises from the improper handling of stored commands within a Compact Flash file, which can be leveraged by users with administrative privileges, potentially leading to unauthorized actions and manipulation of the device.

References

http://www.securitytracker.com/id/1032839

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Jul 10, 2015
Vulnerability Reserved
Jun 4, 2015