CVE-2015-6385

Cisco IOS 15.5(2)S and 15.5(3)S - Authenticated Remote Code Execution via Event-Manager Environment Variables

Title source: llm
STIX 2.1

Description

The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging administrative access to enter crafted environment variables, aka Bug ID CSCux14943.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034274

Scores

EPSS 0.0044
EPSS Percentile 35.1%

Details

CWE
CWE-20
Status published
Products (2)
cisco/ios 15.5\(2\)s
cisco/ios 15.5\(3\)s
Published Dec 01, 2015
Tracked Since Feb 18, 2026