Vigil@nce - Cisco Aironet: privilege escalation via CLI
October 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can inject commands in the CLI of Cisco
Aironet, in order to escalate his privileges.
– Impacted products: Cisco Aironet.
– Severity: 2/4.
– Creation date: 18/08/2016.
DESCRIPTION OF THE VULNERABILITY
The Cisco Aironet product offers a CLI (command-line interface),
requiring an authentication.
However, using special commands, an attacker can inject commands
which are run as root.
An authenticated attacker can therefore inject commands in the CLI
of Cisco Aironet, in order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Cisco-Aironet-privilege-escalation-via-CLI-20420