Lucene search

[email protected]NVD:CVE-2014-7990

HistoryNov 07, 2014 - 11:55 a.m.

CVE-2014-7990

2014-11-0711:55:03

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

Percentile

5.1%

JSON

Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the “request system shell” challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815.

Affected configurations

Nvd

Node

ciscoios_xeRange≤3.5e

AND

ciscoair-ct5760

ciscows-c3850

ciscows-c3860

VendorProductVersionCPE
ciscoios_xe*cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
ciscoair-ct5760*cpe:2.3:h:cisco:air-ct5760:*:*:*:*:*:*:*:*
ciscows-c3850*cpe:2.3:h:cisco:ws-c3850:*:*:*:*:*:*:*:*
ciscows-c3860*cpe:2.3:h:cisco:ws-c3860:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe	*	cpe:2.3:o:cisco:ios_xe::::::::
cisco	air-ct5760	*	cpe:2.3:h:cisco:air-ct5760::::::::
cisco	ws-c3850	*	cpe:2.3:h:cisco:ws-c3850::::::::
cisco	ws-c3860	*	cpe:2.3:h:cisco:ws-c3860::::::::

References

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7990

tools.cisco.com/security/center/viewAlert.x?alertId=36351

www.securityfocus.com/bid/70968

www.securitytracker.com/id/1031179

exchange.xforce.ibmcloud.com/vulnerabilities/98529

CVSS2

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2014-7990

prion1 cve1 cisco1 cvelist1