Guest

Preview Tool

Cisco Bug: CSCur09815 - Challenge/Response bypass in the 'request system shell' CLI command

Last Modified

Sep 19, 2019

Products (150)

  • Cisco IOS
  • Cisco Catalyst 2960X-24PD-L Switch
  • Cisco Catalyst 3560X-48U-S Switch
  • Cisco Catalyst 2960S-24PD-L Switch
  • Cisco Catalyst 3560X-48T-E Switch
  • Cisco Catalyst 3560X-48P-S Switch
  • Cisco Catalyst 2960X-24PS-L Switch
  • Cisco Catalyst 2960C-8TC-S Switch
  • Cisco Catalyst 2960X-48LPS-L Switch
  • Cisco Embedded Service 2020 CON B Switch
View all products in Bug Search Tool Login Required

Known Affected Releases

15.0(1)EX3 15.2(1)E 15.2(2)E

Description (partial)

Symptom:
Linux root shell access using the ''request system shell'' CLI without entering the right challenge response.

Conditions:
Platforms running IOS-XE 3E, 3SG, 3SE : WS-C3850, WS-C3650, AIR-CT5760 and WS-C4500X (cat4500e, not cat4500es8).
Privilege 15 is required.
'service internal' must be configured (not recommended).
All versions are affected.

IOS-XE 3S is NOT affected (ASR1000, ISR-4x00, CSR-1000V, ASR903).

IOS-XE 3XO is NOT affected (CAT4500ES8).

IOS-XE 3SQ is NOT affected (RFGWK10).
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.