CVE-2015-6383

high

Description

Cisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software packages, which allows local users to bypass license restrictions and obtain certain root privileges by using the CLI to enter crafted filenames, aka Bug ID CSCuv93130.

References

http://www.securitytracker.com/id/1034296

http://www.securitytracker.com/id/1034277

http://www.securityfocus.com/bid/78521

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-asa

Details

Source: Mitre, NVD

Published: 2015-12-03

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00132