CVE-2016-9197

MEDIUM

Cisco Mobility Express - Privilege Escalation

Title source: llm

Description

A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0).

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97469

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cme

Scores

CVSS v3 6.7

EPSS 0.0006

EPSS Percentile 18.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-264

Status published

Affected Products (2)

cisco/mobility_services_engine

n/a/Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers < Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers

Timeline

Published Apr 07, 2017

Tracked Since Feb 18, 2026