CVE-2014-7990

medium

Description

Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/98529

http://www.securitytracker.com/id/1031179

http://www.securityfocus.com/bid/70968

http://tools.cisco.com/security/center/viewAlert.x?alertId=36351

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7990

Details

Source: Mitre, NVD

Published: 2014-11-07

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 6.7

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: Medium

EPSS

EPSS: 0.00084