Boletines de Vulnerabilidades

Cisco ASR 1000 Series Root Shell License Bypass Vulnerability

Información sobre el sistema
   
Software afectado Cisco

Descripción
A vulnerability in the way software packages are loaded in Cisco IOS XE Software for the Cisco Aggregation Services Routers (ASR) 1000 Series could allow an authenticated, local attacker to gain restricted root shell access.The vulnerability is due to lack of proper input validation of file names at the command-line interface (CLI). An attacker could exploit this vulnerability by authenticating to the affected device and crafting specific file names for use when loading packages. An exploit

More info:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-asa?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20ASR%201000%20Series%20Root%20Shell%20License%20Bypass%20Vulnerability&

Identificadores estándar
Propiedad Valor
CVE CVE-2015-6383.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2015-12-01

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT