Test ID:	1.3.6.1.4.1.25623.1.0.105470
Category:	CISCO
Title:	Cisco ASR 1000 Series Root Shell License Bypass Vulnerability
Summary:	A vulnerability in the way software packages are loaded in Cisco IOS XE Software for the Cisco Aggregation Services Routers (ASR) 1000 Series could allow an authenticated, local attacker to gain restricted root shell access.
Description:	Summary: A vulnerability in the way software packages are loaded in Cisco IOS XE Software for the Cisco Aggregation Services Routers (ASR) 1000 Series could allow an authenticated, local attacker to gain restricted root shell access. Vulnerability Insight: The vulnerability is due to lack of proper input validation of file names at the command-line interface (CLI). Vulnerability Impact: An attacker could exploit this vulnerability by authenticating to the affected device and crafting specific file names for use when loading packages. An exploit could allow the authenticated attacker to bypass the license required for root shell access. If the authenticated user obtains the root shell access, further compromise is possible. Affected Software/OS: Cisco Aggregation Services Routers (ASR) 1000 Series version 15.4(3)S. Solution: Please see the vendor advisory for more information. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-6383 BugTraq ID: 78521 http://www.securityfocus.com/bid/78521 Cisco Security Advisory: 20151130 Cisco ASR 1000 Series Root Shell License Bypass Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-asa http://www.securitytracker.com/id/1034277 http://www.securitytracker.com/id/1034296
Copyright	This script is Copyright (C) 2015 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.