CVE-2016-9197

EUVD-2016-10009
A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
ciscomobility_services_engine
8.3.102.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/97469
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cme
http://www.securityfocus.com/bid/97469
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cme