Unrated severityNVD Advisory· Published Nov 7, 2014· Updated May 6, 2026

CVE-2014-7990

Description

Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815.

Affected products

Cisco Systems, Inc./Air Ct5760
cpe:2.3:h:cisco:air-ct5760:*:*:*:*:*:*:*:*
Cisco Systems, Inc./Ws C3850
cpe:2.3:h:cisco:ws-c3850:*:*:*:*:*:*:*:*
Cisco Systems, Inc./Ws C3860
cpe:2.3:h:cisco:ws-c3860:*:*:*:*:*:*:*:*
Cisco Systems, Inc./iOS Xe
cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
Range: <=3.5e

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7990nvdVendor Advisory
tools.cisco.com/security/center/viewAlert.xnvdVendor Advisory
www.securityfocus.com/bid/70968nvd
www.securitytracker.com/id/1031179nvd
exchange.xforce.ibmcloud.com/vulnerabilities/98529nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000