NVD

Id
35244  
Name
CVE-2014-7990  
Description
Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
3.1  
CVSS Vector
(AV:L/AC:L/Au:S/C:C/I:C/A:C)  
Pub Date
2017-01-19  
Published
2014-11-07  
Modified Date
2015-10-30  
Seq
2014-7990  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
180507 35244 CVE-2014-7990 20141106 Cisco IOS XE Challenge/Response Bypass Vulnerability  View
180508 35244 CVE-2014-7990 http://tools.cisco.com/security/center/viewAlert.x?alertId=36351  View
180509 35244 CVE-2014-7990 70968  View
180510 35244 CVE-2014-7990 1031179  View
180511 35244 CVE-2014-7990 ciscoiosxe-cve20147990-sec-bypass(98529)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
16412 JVNDB-2014-005287 複数の Cisco デバイス上で稼働する Cisco IOS XE における Linux の root アクセス権を取得される脆弱性 Cisco WS-C3850、WS-C3860、および AIR-CT5760 デバイス上で稼働する Cisco IOS XE は、"request system shell" 変更応答を適切に解析しないため、Linux の root アクセス権を取得される脆弱性が存在します。 CVE-2014-7990 75283 CVE-2014-7990 35244 6.8 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-005287.html 2014-11-06 2014-11-10 View