Cisco IOS Flaw in TCL Interpreter Lets Local Users Gain Elevated Privileges
 | Reliability is your mission. It's ours too. Deliver operations visibility and improved resolution times with PagerDuty. Sign up for a free trial. From our sponsors |
| 1 Full Text Parser copy |
| This module replaces the description field of a feed to the page it links to (in addition, it wipes out the content:encoded field), so you can get its full text. |
Cisco IOS Flaw in TCL Interpreter Lets Local Users Gain Elevated Privileges
6/15/2015 12:00:00 AM
| Cisco IOS Flaw in TCL Interpreter Lets Local Users Gain Elevated Privileges |
| SecurityTracker Alert ID: 1032581 |
| SecurityTracker URL: http://securitytracker.com/id/1032581 |
| CVE Reference: CVE-2015-4185 (Links to External Site) |
| Date: Jun 15 2015 |
| Impact: User access via local system |
| Fix Available: Yes Vendor Confirmed: Yes |
| |
| Description: A vulnerability was reported in Cisco IOS. A local user can obtain elevated privileges on the target system. A non-privileged local user can exploit a flaw in the Tool Command Language (TCL) script interpreter in the resetting of vty privileges by establishing a session immediately after a TCL script has executed to gain elevated level 15 privileges. The vendor has assigned bug ID CSCuq24202 to this vulnerability. |
| Impact: A non-privileged local user can obtain level 15 privileges on the target system. |
| Solution: The vendor has issued a fix. The vendor's advisory is available at: http://tools.cisco.com/security/center/viewAlert.x?alertId=39343 |
| Vendor URL: tools.cisco.com/security/center/viewAlert.x?alertId=39343 (Links to External Site) |
| Cause: Access control error |
| Underlying OS: |
| |
| Message History: None. |
You are receiving this email because you subscribed to this feed at feedmyinbox.com
If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions