CVE-2015-4244

Cisco ASR 5000 Series Software 14.0 - Authenticated OS Command Injection via Compact Flash File

Title source: llm
STIX 2.1

Description

The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash (CF) file, aka Bug ID CSCuu75278.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032839
Vendor Advisory vendor-advisory x_refsource_cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=39677

Scores

EPSS 0.0044
EPSS Percentile 35.6%

Details

CWE
CWE-78
Status published
Products (1)
cisco/asr_5000_series_software 14.0
Published Jul 10, 2015
Tracked Since Feb 18, 2026