Cisco Intrusion Prevention System Local Privilege Escalation Vulnerability

Cisco IPS is susceptible to a local privilege escalation vulnerability. This issue is due to a flaw in the logic of the command line interface (CLI).

Users with VIEWER or OPERATOR privileges may exploit this vulnerability to gain administrative access on affected devices. These privileges are non-privileged accounts designated for monitoring and troubleshooting of IPS devices.

By exploiting this vulnerability, attackers may gain full administrative privileges on affected devices. This allows them to bypass the network security features of the device, aiding them in further attacks. Arbitrary code execution and denial of network services is also possible.


 

Privacy Statement
Copyright 2010, SecurityFocus