CVE-2015-6385
Cisco IOS 15.5(2)S and 15.5(3)S - Authenticated Remote Code Execution via Event-Manager Environment Variables
Title source: llmDescription
The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging administrative access to enter crafted environment variables, aka Bug ID CSCux14943.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-csr
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1034274
Scores
EPSS
0.0044
EPSS Percentile
35.1%
Details
CWE
CWE-20
Status
published
Products (2)
cisco/ios
15.5\(2\)s
cisco/ios
15.5\(3\)s
Published
Dec 01, 2015
Tracked Since
Feb 18, 2026