Oh dear Cisco has announced a privilege escalation bug in its Aggregation Service Router 1000 Series.
There’s a lot of cases where local privilege escalation isn’t such a big deal, but it’s a bit more serious when it means a low-privilege sysadmin can get root access to a unit that has 100 Gbps-plus configurations in carrier and ISP deployments.
Described here, the “root shell license bypass vulnerability”, CV-2015-6383, arises from a lack of input filename validation in the CLI.
“An attacker could exploit this vulnerability by authenticating to the affected device and crafting specific file names for use when loading packages”, the advisory explains.
That bypasses the license required for root shell access, Cisco says – and that means they’d thoroughly own the device.
Of course, there’s also the matter of people getting root access who haven’t paid the appropriate license fee, but surely no customer would take advantage of a bug merely to break their license conditions and save money.
The vulnerability affects ASR 100 Series devices running at version 15.4(3)S, and they have to be patched because there’s no workaround.