CVE-2015-6385

EUVD-2015-6327
The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging administrative access to enter crafted environment variables, aka Bug ID CSCux14943.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
ciscoios
15.5\(2\)s
ciscoios
15.5\(3\)s
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-csr
http://www.securitytracker.com/id/1034274
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-csr
http://www.securitytracker.com/id/1034274