CVE-2015-4244
Cisco ASR 5000 Series Software 14.0 - Authenticated OS Command Injection via Compact Flash File
Title source: llmDescription
The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash (CF) file, aka Bug ID CSCuu75278.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032839
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=39677
Scores
EPSS
0.0044
EPSS Percentile
35.6%
Details
CWE
CWE-78
Status
published
Products (1)
cisco/asr_5000_series_software
14.0
Published
Jul 10, 2015
Tracked Since
Feb 18, 2026