CVE-2015-6396
UnknownEPSS 1.94%
Last modified
CVE-2015-6396 is a vulnerability of currently unknown severity. The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.. EPSS estimates a 1.94% chance of exploitation in the next 30 days.
Description
The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Rv110w Wireless-N Vpn Firewall Firmware | All versions |
| Cisco | Rv130w Wireless-N Multifunction Vpn Router Firmware | All versions |
| Cisco | Rv215w Wireless-N Vpn Router Firmware | All versions |
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1Mitigation, Vendor Advisory
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1Mitigation, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-6396?
The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.
How severe is CVE-2015-6396?
Severity scoring for CVE-2015-6396 is pending analysis. The EPSS model estimates a 1.94% probability of exploitation in the next 30 days.
How do I fix CVE-2015-6396?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2015-6396?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST