Guest

Preview Tool

Cisco Bug: CSCtd72286 - Insufficient command line filtering within the upgrade command.

Last Modified

May 24, 2016

Products (16)

  • Cisco IPS 4200 Series Sensors
  • Cisco IPS Sensor Software Version 7.0
  • Cisco Catalyst 6500 Series Intrusion Detection System (IDSM-2) Services Module
  • Cisco IPS 4260 Sensor
  • Cisco IPS Sensor Software Version 6.1
  • Cisco IPS 4255 Sensor
  • Cisco Intrusion Prevention System Network Module
  • Cisco IPS 4270-20 Sensor
  • Cisco ASA Advanced Inspection and Prevention Security Services Card
  • Cisco IPS Sensor Software Version 6.2
View all products in Bug Search Tool Login Required

Known Affected Releases

5.0(0.1) 5.0(1) 5.1(1) 6.0(1)E1 6.1(1)E1 6.2(1)E3 7.0(1)E3

Description (partial)

Symptom:
In certain situations it may be possible for an authenticated administrator of an affected device with SuperUser privileges to execute commands on the underlying operating system as root.

Conditions:
An administrator that issues an upgrade command on the CLI that contains a malformed package name may be 
able to trigger this issue.  The issue exists on devices running Cisco IPS versions 5.x, 6.x and 7.x.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.