Overview
- Description
- The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging administrative access to enter crafted environment variables, aka Bug ID CSCux14943.
- Source
- ykramarz@cisco.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-20
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)s:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A259566-AA04-4DE8-900D-865384E56C8E"
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)s:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1194A7BD-CB51-42CD-96E6-9ACF126DD8CA"
}
],
"operator": "OR"
}
]
}
]