Lucene search

[email protected]CVE-2015-0660

HistoryMar 14, 2015 - 1:59 a.m.

CVE-2015-0660

2015-03-1401:59:00

CWE-284

[email protected]

web.nvd.nist.gov

cisco

telepresence

server

software

local users

arbitrary commands

root access

serial port

security vulnerability

7.4 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123.

CPENameOperatorVersion
cisco:telepresence_server_softwarecisco telepresence server softwareeq*

CPE	Name	Operator	Version
cisco:telepresence_server_software	cisco telepresence server software	eq	*

References

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0660

www.securitytracker.com/id/1031924

7.4 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2015-0660

prion1 cisco1 cvelist1 kaspersky1