Details of VAR-201507-0532

ID

VAR-201507-0532

CVE

CVE-2015-4244

TITLE

Cisco ASR 5000 and Cisco ASR 5500 Any in the implementation of software boot Linux Command execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-003544

DESCRIPTION

The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash (CF) file, aka Bug ID CSCuu75278. Cisco ASR 5000 and Cisco ASR 5500 The software boot implementation is optional Linux A command execution vulnerability exists. The Cisco ASR 5000 and 5500 devices are Cisco's 5000 Series wireless controller products. A local attacker can exploit this issue to execute arbitrary commands with admin privileges. Successful exploits may compromise the affected device. This issue being tracked by Cisco Bug ID CSCuu75278

Trust: 2.52

sources: NVD: CVE-2015-4244 // JVNDB: JVNDB-2015-003544 // CNVD: CNVD-2015-04696 // BID: 75684 // VULHUB: VHN-82205

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-04696

AFFECTED PRODUCTS

vendor:	cisco	model:	asr 5000 series software	scope:	eq	version:	14.0	Trust: 2.4
vendor:	cisco	model:	asr 5000 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 5500 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr and devices with software	scope:	eq	version:	5000550014.0	Trust: 0.6
vendor:	cisco	model:	asr series software	scope:	eq	version:	500014.0	Trust: 0.3

sources: CNVD: CNVD-2015-04696 // BID: 75684 // JVNDB: JVNDB-2015-003544 // CNNVD: CNNVD-201507-330 // NVD: CVE-2015-4244

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4244
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-4244
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-04696
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201507-330
value:	HIGH
Trust: 0.6
VULHUB:	VHN-82205
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-4244
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-04696
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-82205
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-04696 // VULHUB: VHN-82205 // JVNDB: JVNDB-2015-003544 // CNNVD: CNNVD-201507-330 // NVD: CVE-2015-4244

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-82205 // JVNDB: JVNDB-2015-003544 // NVD: CVE-2015-4244

THREAT TYPE

local

Trust: 0.9

sources: BID: 75684 // CNNVD: CNNVD-201507-330

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201507-330

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003544

PATCH

title:	39677	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=39677	Trust: 0.8
title:	Cisco ASR Patch for Any Linux Command Execution Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/61147	Trust: 0.6

sources: CNVD: CNVD-2015-04696 // JVNDB: JVNDB-2015-003544

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4244	Trust: 3.4
db:	SECTRACK	id:	1032839	Trust: 1.1
db:	BID	id:	75684	Trust: 1.0
db:	JVNDB	id:	JVNDB-2015-003544	Trust: 0.8
db:	CNNVD	id:	CNNVD-201507-330	Trust: 0.7
db:	CNVD	id:	CNVD-2015-04696	Trust: 0.6
db:	VULHUB	id:	VHN-82205	Trust: 0.1

sources: CNVD: CNVD-2015-04696 // VULHUB: VHN-82205 // BID: 75684 // JVNDB: JVNDB-2015-003544 // CNNVD: CNNVD-201507-330 // NVD: CVE-2015-4244

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39677	Trust: 2.6
url:	http://www.securitytracker.com/id/1032839	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4244	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4244	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-04696 // VULHUB: VHN-82205 // BID: 75684 // JVNDB: JVNDB-2015-003544 // CNNVD: CNNVD-201507-330 // NVD: CVE-2015-4244

CREDITS

Cisco

Trust: 0.3

sources: BID: 75684

SOURCES

db:	CNVD	id:	CNVD-2015-04696
db:	VULHUB	id:	VHN-82205
db:	BID	id:	75684
db:	JVNDB	id:	JVNDB-2015-003544
db:	CNNVD	id:	CNNVD-201507-330
db:	NVD	id:	CVE-2015-4244

LAST UPDATE DATE

2025-04-12T23:22:14.764000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-04696	date:	2015-07-22T00:00:00
db:	VULHUB	id:	VHN-82205	date:	2016-12-29T00:00:00
db:	BID	id:	75684	date:	2015-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-003544	date:	2015-07-14T00:00:00
db:	CNNVD	id:	CNNVD-201507-330	date:	2015-07-30T00:00:00
db:	NVD	id:	CVE-2015-4244	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-04696	date:	2015-07-22T00:00:00
db:	VULHUB	id:	VHN-82205	date:	2015-07-10T00:00:00
db:	BID	id:	75684	date:	2015-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-003544	date:	2015-07-14T00:00:00
db:	CNNVD	id:	CNNVD-201507-330	date:	2015-07-13T00:00:00
db:	NVD	id:	CVE-2015-4244	date:	2015-07-10T10:59:00.067