CVE-2015-6396
published 2016-08-08CVE-2015-6396: The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted…
PriorityP348high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
EXPLOIT
EPSS
1.94%
77.6th percentile
The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | rv110w_rv130w_and_rv215w_routers | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco6.6MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v3jr-r4jq-v97q: The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via craf
ghsa_unreviewed·2022-05-14
CVE-2015-6396 [HIGH] CWE-78 GHSA-v3jr-r4jq-v97q: The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via craf
The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.
Cisco
Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability
vendor_cisco·2016-08-03·CVSS 6.6
CVE-2015-6396 [MEDIUM] CWE-78 Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability
Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability
A vulnerability in the command-line interface (CLI) command parser of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. The commands are executed with full administrator privileges.
The vulnerability is due to insufficient input validation of user-controlled input parameters entered at the CLI. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input parameters to certain commands. A successful exploit could allow an authenticated attacker to execute arbitrary shell comma
Cisco
Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability
vendor_cisco
CVE-2015-6396 Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability
CVE-2015-6396: Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability
A vulnerability in the command-line interface (CLI) command parser of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. The commands are executed with full administrator privileges. The vulnerability is due to insufficient input validation of user-controlled input parameters entered at the CLI. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input parameters to certain commands. A successful exploit could allow an authenticated attacker to execute arbitrar
No detection rules found.
No writeups or analysis indexed.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1http://www.securityfocus.com/bid/92269http://www.securitytracker.com/id/1036528https://www.exploit-db.com/exploits/45986/http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1http://www.securityfocus.com/bid/92269http://www.securitytracker.com/id/1036528https://www.exploit-db.com/exploits/45986/
2016-08-08
Published