CiscoCISCO-SA-20151005-AIRONETCisco Aironet 1850 Access Point Privilege Escalation Vulnerability
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%
A vulnerability in the command-line interface (CLI) of the Cisco Aironet 1850 Series Access Point device could allow an authenticated, local attacker to obtain elevated privileges to the restricted shell on the device.
The vulnerability is due to a lack of proper escape protections when validating CLI commands entered at the device prompt. An authenticated attacker could exploit this vulnerability by entering malicious commands at the CLI to obtain access to the restricted shell. An exploit could allow the attacker to obtain root-level privileges on the affected device.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| cisco aironet access point software | eq | any | |
| cisco aironet access point software | eq | any |
Related
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%