CVE-2015-4244: OS Command Injection
First published: Fri Jul 10 2015(Updated: )
The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash (CF) file, aka Bug ID CSCuu75278.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco ASR 5000 Series Aggregation Services Routers | =14.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-4244?
CVE-2015-4244 is rated as a critical severity vulnerability due to the potential for arbitrary command execution.
How do I fix CVE-2015-4244?
To mitigate CVE-2015-4244, update the Cisco ASR 5000 and 5500 devices to the latest software version that contains the fix.
Who is affected by CVE-2015-4244?
CVE-2015-4244 affects local users with administrative privileges on Cisco ASR 5000 and 5500 devices running software version 14.0.
What types of devices are vulnerable to CVE-2015-4244?
CVE-2015-4244 impacts Cisco ASR 5000 and 5500 Series devices specifically with the 14.0 software version.
What is the impact of exploiting CVE-2015-4244?
Exploitation of CVE-2015-4244 allows attackers to execute arbitrary Linux commands on the affected Cisco devices.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco asr 5000 series aggregation services routers
- version/cisco asr 5000 series aggregation services routers/14.0