Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-6396

The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.

Published

2016-08-08T00:59:00.140

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	rv110w_wireless-n_vpn_firewall_firmware	*	Yes
Hardware	cisco	rv110w_wireless-n_vpn_firewall	-	No
Operating System	cisco	rv130w_wireless-n_multifunction_vpn_router_firmware	*	Yes
Hardware	cisco	rv130w_wireless-n_multifunction_vpn_router	-	No
Operating System	cisco	rv215w_wireless-n_vpn_router_firmware	*	Yes
Hardware	cisco	rv215w_wireless-n_vpn_router	-	No

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1 Mitigation, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/92269 ([email protected])
http://www.securitytracker.com/id/1036528 ([email protected])
https://www.exploit-db.com/exploits/45986/ ([email protected])
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1 Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/92269 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036528 (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45986/ (af854a3a-2127-422b-91ae-364da2661108)