Vulnerability Description
The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Rv110W Wireless-N Vpn Firewall Firmware | All versions |
| Cisco | Rv110W Wireless-N Vpn Firewall | - |
| Cisco | Rv130W Wireless-N Multifunction Vpn Router Firmware | All versions |
| Cisco | Rv130W Wireless-N Multifunction Vpn Router | - |
| Cisco | Rv215W Wireless-N Vpn Router Firmware | All versions |
| Cisco | Rv215W Wireless-N Vpn Router | - |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20MitigationVendor Advisory
- http://www.securityfocus.com/bid/92269
- http://www.securitytracker.com/id/1036528
- https://www.exploit-db.com/exploits/45986/
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20MitigationVendor Advisory
- http://www.securityfocus.com/bid/92269
- http://www.securitytracker.com/id/1036528
- https://www.exploit-db.com/exploits/45986/
FAQ
What is CVE-2015-6396?
CVE-2015-6396 is a vulnerability with a CVSS score of 7.8 (HIGH). The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161...
How severe is CVE-2015-6396?
CVE-2015-6396 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-6396?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Rv110W Wireless-N Vpn Firewall Firmware, Cisco Rv110W Wireless-N Vpn Firewall, Cisco Rv130W Wireless-N Multifunction Vpn Router Firmware, Cisco Rv130W Wireless-N Multifunction Vpn Router, Cisco Rv215W Wireless-N Vpn Router Firmware.