Miembros de
Boletines de Vulnerabilidades |
Cisco ACE 4710 and ACE30 Application Control Engine CLI Privilege Escalation Vulnerability |
|
Información sobre el sistema |
|
| Software afectado | Cisco |
Descripción |
|
|
A vulnerability in the command-line interface (CLI) of Cisco Application Control Engine (ACE) could allow an authenticated, local attacker to elevate privileges to read and alter the content of files that belong to other contexts.The vulnerability is due to insufficient file access controls. An attacker could exploit this vulnerability by crafting a malicious file, copying it to the ACE, and using the file as input for a specific CLI command.Cisco has confirmed the vulnerability; however, More info: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150826-CVE-2015-6265?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20ACE%204710%20and%20ACE30%20Application%20Control%20Engine%20 |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | |
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Advisory issued | 2015-10-07 |