CVE-2015-6396
high
CVSS v3
7.8
CVSS v2
7.2
VIR risk
7.8
Description
The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1
- http://www.securityfocus.com/bid/92269
- http://www.securitytracker.com/id/1036528
- https://www.exploit-db.com/exploits/45986/
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1
- http://www.securityfocus.com/bid/92269
- http://www.securitytracker.com/id/1036528
- https://www.exploit-db.com/exploits/45986/
CWEs
CWE-78
Verify integrity in audit chain (admin only). AS-IS.