CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
EPSS
Percentile
28.7%
Multiple Cisco products contain a vulnerability that could allow a local attacker to gain shell access with root privileges.
The vulnerability is due to incorrect validation of user-supplied input processed by the command-line interface (CLI) on Cisco products running the affected software. A local attacker with access to an affected device could exploit this vulnerability by submitting specially crafted input to be processed by the vulnerable component. Successful exploitation could allow an attacker to gain shell access with root privileges on a targeted system, which could result in a complete system compromise.
Cisco has confirmed the vulnerability; however, software updates are not available.
To exploit this vulnerability, the attacker must have local access to a targeted system. This access restriction limits the possibility of a successful exploit.
Customers are advised to review the bug reports in the vendor announcements section for a current list of affected products and versions.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | secure_access_control_system | any | cpe:2.3:a:cisco:secure_access_control_system:any:*:*:*:*:*:*:* |
cisco | application_networking_manager | any | cpe:2.3:a:cisco:application_networking_manager:any:*:*:*:*:*:*:* |
cisco | unified_provisioning_manager | any | cpe:2.3:a:cisco:unified_provisioning_manager:any:*:*:*:*:*:*:* |
cisco | quad | any | cpe:2.3:a:cisco:quad:any:*:*:*:*:*:*:* |
cisco | identity_services_engine_software | any | cpe:2.3:a:cisco:identity_services_engine_software:any:*:*:*:*:*:*:* |
cisco | prime_lan_management_solution | any | cpe:2.3:a:cisco:prime_lan_management_solution:any:*:*:*:*:*:*:* |
cisco | prime_network_control_system | any | cpe:2.3:a:cisco:prime_network_control_system:any:*:*:*:*:*:*:* |
cisco | prime_collaboration | any | cpe:2.3:a:cisco:prime_collaboration:any:*:*:*:*:*:*:* |
cisco | context_directory_agent | any | cpe:2.3:a:cisco:context_directory_agent:any:*:*:*:*:*:*:* |
cisco | network_services_manager | any | cpe:2.3:a:cisco:network_services_manager:any:*:*:*:*:*:*:* |