CVE-2015-4244

CWE-78OS Command Injection4 documents4 sources
Severity
7.2HIGH
EPSS
0.2%
top 60.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco ASR 5000 Series Software
Timeline
PublishedJul 10
Latest updateMay 17

Description

The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash (CF) file, aka Bug ID CSCuu75278.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-hg76-79w5-rcwg: The boot implementation on Cisco ASR 5000 and 5500 devices with software 142022-05-17
CVEList
CVE-2015-4244: The boot implementation on Cisco ASR 5000 and 5500 devices with software 142015-07-10

📋Vendor Advisories

1
Cisco
Cisco ASR 5000 Series Software Local Command Injection Vulnerability2015-07-09
CVE-2015-4244 (HIGH CVSS 7.2) | The boot implementation on Cisco AS | cvebase.io