ID de Prueba:	1.3.6.1.4.1.25623.1.0.105470
Categoría:	CISCO
Título:	Cisco ASR 1000 Series Root Shell License Bypass Vulnerability
Resumen:	A vulnerability in the way software packages are loaded in Cisco IOS XE Software for the Cisco Aggregation Services Routers (ASR) 1000 Series could allow an authenticated, local attacker to gain restricted root shell access.
Descripción:	Summary: A vulnerability in the way software packages are loaded in Cisco IOS XE Software for the Cisco Aggregation Services Routers (ASR) 1000 Series could allow an authenticated, local attacker to gain restricted root shell access. Vulnerability Insight: The vulnerability is due to lack of proper input validation of file names at the command-line interface (CLI). Vulnerability Impact: An attacker could exploit this vulnerability by authenticating to the affected device and crafting specific file names for use when loading packages. An exploit could allow the authenticated attacker to bypass the license required for root shell access. If the authenticated user obtains the root shell access, further compromise is possible. Affected Software/OS: Cisco Aggregation Services Routers (ASR) 1000 Series version 15.4(3)S. Solution: Please see the vendor advisory for more information. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-6383 BugTraq ID: 78521 http://www.securityfocus.com/bid/78521 Cisco Security Advisory: 20151130 Cisco ASR 1000 Series Root Shell License Bypass Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-asa http://www.securitytracker.com/id/1034277 http://www.securitytracker.com/id/1034296
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.