ID

VAR-201411-0245


CVE

CVE-2014-7990


TITLE

plural Cisco Runs on the device Cisco IOS XE In Linux of root Vulnerability for which access rights are acquired

Trust: 0.8

sources: JVNDB: JVNDB-2014-005287

DESCRIPTION

Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. The Cisco IOS XE software has a local security bypass vulnerability that an attacker can use to bypass certain security restrictions and perform unauthorized operations in an affected system environment. This issue is being tracked by Cisco Bug ID CSCur09815. The vulnerability is caused by the program not correctly parsing the 'request system shell' challenge response

Trust: 2.52

sources: NVD: CVE-2014-7990 // JVNDB: JVNDB-2014-005287 // CNVD: CNVD-2014-08192 // BID: 70968 // VULHUB: VHN-75935

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-08192

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:lteversion:3.5e

Trust: 1.8

vendor:ciscomodel:ws-c3850scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:air-ct5760scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:ws-c3860scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:air-ct5760scope: - version: -

Trust: 0.8

vendor:ciscomodel:ws-c3850scope: - version: -

Trust: 0.8

vendor:ciscomodel:ws-c3860scope: - version: -

Trust: 0.8

vendor:ciscomodel:ios xe <=3.5escope: - version: -

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:3.5e

Trust: 0.6

vendor:ciscomodel:ios xe software 3.5escope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe software 3.4sg.2scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe software 3.4sg.1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe software 3.4sg.0scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe software 3.3xo.0scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe software 3.3sg.2scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe software 3.3sg.1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe software 3.3sg.0scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe software 3.3se.1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe software 3.3se.0scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe software 3.2xo.1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe software 3.2xo.0scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe software 3.2sg.5scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe software 3.2sg.4scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe software 3.2sg.3scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe software 3.2sg.2scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe software 3.2se.3scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe software 3.2se.2scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe software 3.2se.1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe software 3.2se.0scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe software 3.2sg.1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe software 3.2sg.0scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios xe software 3.1sg.1scope: - version: -

Trust: 0.3

sources: CNVD: CNVD-2014-08192 // BID: 70968 // JVNDB: JVNDB-2014-005287 // CNNVD: CNNVD-201411-109 // NVD: CVE-2014-7990

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-7990
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-7990
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-08192
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201411-109
value: MEDIUM

Trust: 0.6

VULHUB: VHN-75935
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-7990
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-08192
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-75935
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-08192 // VULHUB: VHN-75935 // JVNDB: JVNDB-2014-005287 // CNNVD: CNNVD-201411-109 // NVD: CVE-2014-7990

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-75935 // JVNDB: JVNDB-2014-005287 // NVD: CVE-2014-7990

THREAT TYPE

local

Trust: 0.9

sources: BID: 70968 // CNNVD: CNNVD-201411-109

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201411-109

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005287

PATCH

title:Cisco IOS XE Challenge/Response Bypass Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7990

Trust: 0.8

title:36351url:http://tools.cisco.com/security/center/viewAlert.x?alertId=36351

Trust: 0.8

sources: JVNDB: JVNDB-2014-005287

EXTERNAL IDS

db:NVDid:CVE-2014-7990

Trust: 3.4

db:BIDid:70968

Trust: 2.0

db:SECTRACKid:1031179

Trust: 1.1

db:JVNDBid:JVNDB-2014-005287

Trust: 0.8

db:CNNVDid:CNNVD-201411-109

Trust: 0.7

db:CNVDid:CNVD-2014-08192

Trust: 0.6

db:VULHUBid:VHN-75935

Trust: 0.1

sources: CNVD: CNVD-2014-08192 // VULHUB: VHN-75935 // BID: 70968 // JVNDB: JVNDB-2014-005287 // CNNVD: CNNVD-201411-109 // NVD: CVE-2014-7990

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-7990

Trust: 2.0

url:http://tools.cisco.com/security/center/viewalert.x?alertid=36351

Trust: 2.0

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7990

Trust: 1.4

url:http://www.securityfocus.com/bid/70968

Trust: 1.1

url:http://www.securitytracker.com/id/1031179

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/98529

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7990

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2014-08192 // VULHUB: VHN-75935 // BID: 70968 // JVNDB: JVNDB-2014-005287 // CNNVD: CNNVD-201411-109 // NVD: CVE-2014-7990

CREDITS

Cisco

Trust: 0.3

sources: BID: 70968

SOURCES

db:CNVDid:CNVD-2014-08192
db:VULHUBid:VHN-75935
db:BIDid:70968
db:JVNDBid:JVNDB-2014-005287
db:CNNVDid:CNNVD-201411-109
db:NVDid:CVE-2014-7990

LAST UPDATE DATE

2024-11-23T21:44:47.994000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-08192date:2014-11-11T00:00:00
db:VULHUBid:VHN-75935date:2017-09-08T00:00:00
db:BIDid:70968date:2014-11-06T00:00:00
db:JVNDBid:JVNDB-2014-005287date:2014-11-10T00:00:00
db:CNNVDid:CNNVD-201411-109date:2014-11-14T00:00:00
db:NVDid:CVE-2014-7990date:2024-11-21T02:18:23.293

SOURCES RELEASE DATE

db:CNVDid:CNVD-2014-08192date:2014-11-11T00:00:00
db:VULHUBid:VHN-75935date:2014-11-07T00:00:00
db:BIDid:70968date:2014-11-06T00:00:00
db:JVNDBid:JVNDB-2014-005287date:2014-11-10T00:00:00
db:CNNVDid:CNNVD-201411-109date:2014-11-14T00:00:00
db:NVDid:CVE-2014-7990date:2014-11-07T11:55:03.907