CVE-2015-6396
Summary
| CVE | CVE-2015-6396 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-08-08 00:59:00 UTC |
| Updated | 2018-12-15 11:29:00 UTC |
| Description | The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | Rv110w Wireless-n Vpn Firewall | - | All | All | All |
| Hardware | Cisco | Rv110w Wireless-n Vpn Firewall | - | All | All | All |
| Operating System | Cisco | Rv110w Wireless-n Vpn Firewall Firmware | All | All | All | All |
| Operating System | Cisco | Rv110w Wireless-n Vpn Firewall Firmware | All | All | All | All |
| Hardware | Cisco | Rv130w Wireless-n Multifunction Vpn Router | - | All | All | All |
| Hardware | Cisco | Rv130w Wireless-n Multifunction Vpn Router | - | All | All | All |
| Operating System | Cisco | Rv130w Wireless-n Multifunction Vpn Router Firmware | All | All | All | All |
| Operating System | Cisco | Rv130w Wireless-n Multifunction Vpn Router Firmware | All | All | All | All |
| Hardware | Cisco | Rv215w Wireless-n Vpn Router | - | All | All | All |
| Hardware | Cisco | Rv215w Wireless-n Vpn Router | - | All | All | All |
| Operating System | Cisco | Rv215w Wireless-n Vpn Router Firmware | All | All | All | All |
| Operating System | Cisco | Rv215w Wireless-n Vpn Router Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability | CISCO | tools.cisco.com | Mitigation, Vendor Advisory |
| Multiple Cisco Products CVE-2015-6396 Local Command Injection Vulnerability | BID | www.securityfocus.com | |
| Cisco Small Business RV110W/RV130W/RV215W Lets Local Users Gain Elevated Privileges - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Cisco RV110W - Password Disclosure / Command Execution - Hardware remote Exploit | EXPLOIT-DB | www.exploit-db.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.