Privilege escalation in Cisco Network Convergence System 5000 Series - CVE-2016-6428
Published: October 6, 2016 / Updated: April 5, 2018
Vulnerability identifier: #VU777
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-6428
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Network Convergence System 5000 Series
Detailed vulnerability description
The vulnerability allows a local authenticated user to obtain root privileges on the target system.
The weakness is due to a user permissions flaw that lets a malicious user gain elevated privileges and execute arbitrary commands with root privileges.
Successful exploitation of the vulnerability allows a local attacker to gain root privileges and execute arbitrary operating system commands on the vulnerable system.
How to mitigate CVE-2016-6428
Update to version 6.1.1.24i.BASE, 6.1.11.3i.BASE, 6.1.12.1i.BASE, 6.1.2.1i.BASE or 6.2.1.5i.BASE.