ID

VAR-201503-0164


CVE

CVE-2015-0660


TITLE

Cisco TelePresence Server on Virtual Machine software vulnerability allowing arbitrary OS command execution with root privileges

Trust: 0.8

sources: JVNDB: JVNDB-2015-001824

DESCRIPTION

Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123. Supplementary information: the vulnerability type has been identified as CWE-284: Improper Access Control. A local attacker may exploit this issue to gain shell access to the underlying operating system with root privileges. Successful exploits may result in complete system compromise. This issue is being tracked by Cisco Bug ID CSCus61123. The software provides functions such as audio and video spaces

Trust: 2.07

sources: NVD: CVE-2015-0660 // JVNDB: JVNDB-2015-001824 // BID: 73090 // VULHUB: VHN-78606 // VULMON: CVE-2015-0660

AFFECTED PRODUCTS

vendor: cisco, model: telepresence server software, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: telepresence server software, scope: lte, version: (cisco telepresence server on virtual machine) 4.1(1.79)

Trust: 0.8

vendor: cisco, model: telepresence server software, scope: -, version: -

Trust: 0.6

vendor: cisco, model: telepresence server on virtual machine, scope: eq, version: 0

Trust: 0.3

sources: BID: 73090 // JVNDB: JVNDB-2015-001824 // CNNVD: CNNVD-201503-327 // NVD: CVE-2015-0660

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0660
value: HIGH

Trust: 1.0

NVD: CVE-2015-0660
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201503-327
value: HIGH

Trust: 0.6

VULHUB: VHN-78606
value: HIGH

Trust: 0.1

VULMON: CVE-2015-0660
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-0660
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-78606
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78606 // VULMON: CVE-2015-0660 // JVNDB: JVNDB-2015-001824 // CNNVD: CNNVD-201503-327 // NVD: CVE-2015-0660

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-78606 // JVNDB: JVNDB-2015-001824 // NVD: CVE-2015-0660

THREAT TYPE

local

Trust: 0.9

sources: BID: 73090 // CNNVD: CNNVD-201503-327

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 73090

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001824

PATCH

title: 37869, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=37869

Trust: 0.8

sources: JVNDB: JVNDB-2015-001824

EXTERNAL IDS

db: NVD, id: CVE-2015-0660

Trust: 2.9

db: SECTRACK, id: 1031924

Trust: 1.2

db: JVNDB, id: JVNDB-2015-001824

Trust: 0.8

db: CNNVD, id: CNNVD-201503-327

Trust: 0.7

db: BID, id: 73090

Trust: 0.5

db: VULHUB, id: VHN-78606

Trust: 0.1

db: VULMON, id: CVE-2015-0660

Trust: 0.1

sources: VULHUB: VHN-78606 // VULMON: CVE-2015-0660 // BID: 73090 // JVNDB: JVNDB-2015-001824 // CNNVD: CNNVD-201503-327 // NVD: CVE-2015-0660

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0660

Trust: 2.1

url:http://www.securitytracker.com/id/1031924

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0660

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0660

Trust: 0.8

url:http://www.cisco.com

Trust: 0.3

url:http://www.cisco.com/c/en/us/support/conferencing/telepresence-server-on-virtual-machine/model.html

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/284.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.securityfocus.com/bid/73090

Trust: 0.1

sources: VULHUB: VHN-78606 // VULMON: CVE-2015-0660 // BID: 73090 // JVNDB: JVNDB-2015-001824 // CNNVD: CNNVD-201503-327 // NVD: CVE-2015-0660

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 73090

SOURCES

db: VULHUB, id: VHN-78606
db: VULMON, id: CVE-2015-0660
db: BID, id: 73090
db: JVNDB, id: JVNDB-2015-001824
db: CNNVD, id: CNNVD-201503-327
db: NVD, id: CVE-2015-0660

LAST UPDATE DATE

2024-11-23T22:22:55.953000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-78606, date: 2015-10-28T00:00:00
db: VULMON, id: CVE-2015-0660, date: 2015-10-28T00:00:00
db: BID, id: 73090, date: 2015-03-12T00:00:00
db: JVNDB, id: JVNDB-2015-001824, date: 2015-03-17T00:00:00
db: CNNVD, id: CNNVD-201503-327, date: 2015-03-19T00:00:00
db: NVD, id: CVE-2015-0660, date: 2024-11-21T02:23:29.420

SOURCES RELEASE DATE

db: VULHUB, id: VHN-78606, date: 2015-03-14T00:00:00
db: VULMON, id: CVE-2015-0660, date: 2015-03-14T00:00:00
db: BID, id: 73090, date: 2015-03-12T00:00:00
db: JVNDB, id: JVNDB-2015-001824, date: 2015-03-17T00:00:00
db: CNNVD, id: CNNVD-201503-327, date: 2015-03-16T00:00:00
db: NVD, id: CVE-2015-0660, date: 2015-03-14T01:59:09.033