Home Unlabelled Cisco IOS-XE 3S Platforms Series Root Shell License Bypass Vulnerability

Cisco IOS-XE 3S Platforms Series Root Shell License Bypass Vulnerability

By
Thursday, December 03, 2015
Read
Add Comment
A vulnerability in the way software packages are loaded in the Cisco IOS-XE Operating System for the Cisco IOS-XE 3S platforms could allow an authenticated, local attacker to gain restricted root shell access.

The vulnerability is due to lack of proper input validation of the file names at the CLI. An attacker could exploit this vulnerability by authenticating to the affected device and crafting specific file names for use when loading packages. An exploit could allow the authenticated attacker to bypass the license required for root shell access. If the authenticated user obtains the root shell access further compromise is possible.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://ift.tt/1IFQtlL

from Cisco Security Advisory http://ift.tt/1IFQtlL
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us