CVE-2015-6383

Published: Dec 3, 2015Modified: May 6, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

Cisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software packages, which allows local users to bypass license restrictions and obtain certain root privileges by using the CLI to enter crafted filenames, aka Bug ID CSCuv93130.

Affected (1)

Products: Cisco: Ios Xe

Cisco

1 product

Ios Xe

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Ios Xe	Version 15.4(3)s

Related CWEs

CWE-264

References (8)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-asa

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/78521

Source: psirt@cisco.com

http://www.securitytracker.com/id/1034277

Source: psirt@cisco.com

http://www.securitytracker.com/id/1034296

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-asa

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/78521

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1034277

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1034296

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.