CVE-2014-7990
Cisco IOS XE < 3.5E - Privilege Escalation via Improper Shell Request Parsing
Title source: llmDescription
Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815.
References (5)
Core 5
Core References
Vendor Advisory x_refsource_confirm
http://tools.cisco.com/security/center/viewAlert.x?alertId=36351
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/98529
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/70968
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1031179
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7990
Scores
EPSS
0.0034
EPSS Percentile
26.4%
Details
CWE
CWE-20
Status
published
Products (4)
cisco/air-ct5760
cisco/ios_xe
< 3.5e
cisco/ws-c3850
cisco/ws-c3860
Published
Nov 07, 2014
Tracked Since
Feb 18, 2026