Cisco ASR 5000 Series Software Local Command Injection Vulnerability

ID CISCO-SA-20150709-CVE-2015-4244
Type cisco
Reporter Cisco
Modified 2015-07-09T20:51:45


A vulnerability in the boot process of the Cisco ASR5000 and ASR5500 (ASK5K) System Software could allow an authenticated, local attacker to cause commands to be executed during the boot process.

The vulnerability is due to improper reading of a local file on Compact Flash (CF) during the boot process. An attacker could exploit this vulnerability by logging in as an administrator-privileged user and writing a file to CF with a set of Linux commands. An exploit could allow the attacker to execute this list of unexpected Linux commands at boot time. The commands are contained in the file that was written out by the malicious administrative user.

Cisco has confirmed the vulnerability and released software updates.

To exploit the vulnerability, an attacker must be able to log in locally to a device and have permissions sufficient to write to the device storage. These access requirements greatly reduce the potential for exploitation.