Sign-up

ID

VAR-201504-0271


CVE

CVE-2015-0691


TITLE

Cisco Secure Desktop of Cache Cleaner Specific distributed with Cisco JAR Vulnerability to execute arbitrary command in file

Trust: 0.8

sources: JVNDB: JVNDB-2015-002381

DESCRIPTION

A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001. Vendors have confirmed this vulnerability Bug ID CSCup83001 It is released as.Skillfully crafted by a third party Web Arbitrary commands may be executed via the site. Cisco Secure Desktop (CSD) is a secure desktop product of Cisco (Cisco), which can reduce the number of cookies, browser history, temporary files and downloads in the system after remote user logout or SSL VPN session timeout through encryption function. remaining risks

Trust: 1.8

sources: NVD: CVE-2015-0691 // JVNDB: JVNDB-2015-002381 // VULHUB: VHN-78637 // VULMON: CVE-2015-0691

AFFECTED PRODUCTS

vendor:ciscomodel:secure desktopscope:eqversion:3.1.1.45

Trust: 1.6

vendor:ciscomodel:secure desktopscope:eqversion:3.1.0.31

Trust: 1.6

vendor:ciscomodel:secure desktopscope:eqversion:3.4_base

Trust: 1.6

vendor:ciscomodel:secure desktopscope:eqversion:3.4.2048

Trust: 1.6

vendor:ciscomodel:secure desktopscope:eqversion:3.3_base

Trust: 1.6

vendor:ciscomodel:secure desktopscope:eqversion:3.6.4021

Trust: 1.6

vendor:ciscomodel:secure desktopscope:eqversion:3.2.0.136

Trust: 1.6

vendor:ciscomodel:secure desktopscope:eqversion:3.2_base

Trust: 1.6

vendor:ciscomodel:secure desktopscope:eqversion:3.0_base

Trust: 1.6

vendor:ciscomodel:secure desktopscope:eqversion:3.1_base

Trust: 1.6

vendor:ciscomodel:secure desktopscope:eqversion:3.2.1.126

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.1001

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.6249

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.1.1

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.5.2008

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6_base

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.6234

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.5_base

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.3.0.118

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.185

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.5.841

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.3.0.151

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.5.1077

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.5005

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.6104

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.6203

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.5.2003

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.3002

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.6210

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.2.1.103

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.4.0373

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.5.2001

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.181

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.2002

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.4.1108

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.6228

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.6020

Trust: 1.0

vendor:ciscomodel:secure desktopscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2015-002381 // CNNVD: CNNVD-201504-375 // NVD: CVE-2015-0691

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0691
value: HIGH

Trust: 1.0

NVD: CVE-2015-0691
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201504-375
value: CRITICAL

Trust: 0.6

VULHUB: VHN-78637
value: HIGH

Trust: 0.1

VULMON: CVE-2015-0691
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-0691
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-78637
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78637 // VULMON: CVE-2015-0691 // JVNDB: JVNDB-2015-002381 // CNNVD: CNNVD-201504-375 // NVD: CVE-2015-0691

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

problemtype:CWE-78

Trust: 1.1

sources: VULHUB: VHN-78637 // JVNDB: JVNDB-2015-002381 // NVD: CVE-2015-0691

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-375

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201504-375

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002381

PATCH
title:cisco-sa-20150415-csdurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd
Trust: 0.8
title:38330url:http://tools.cisco.com/security/center/viewAlert.x?alertId=38330
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-002381

EXTERNAL IDS
db:NVDid:CVE-2015-0691
Trust: 2.6
db:SECTRACKid:1032140
Trust: 1.2
db:JVNDBid:JVNDB-2015-002381
Trust: 0.8
db:CNNVDid:CNNVD-201504-375
Trust: 0.7
db:VULHUBid:VHN-78637
Trust: 0.1
db:VULMONid:CVE-2015-0691
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78637 // 
            
            
            
            VULMON: CVE-2015-0691 // 
            
            
            
            JVNDB: JVNDB-2015-002381 // 
            
            
            
            CNNVD: CNNVD-201504-375 // 
            
            
            
            NVD: CVE-2015-0691

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150415-csd
Trust: 1.8
url:http://www.securitytracker.com/id/1032140
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0691
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0691
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/264.html
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/78.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78637 // 
            
            
            
            VULMON: CVE-2015-0691 // 
            
            
            
            JVNDB: JVNDB-2015-002381 // 
            
            
            
            CNNVD: CNNVD-201504-375 // 
            
            
            
            NVD: CVE-2015-0691

SOURCES
db:VULHUBid:VHN-78637
db:VULMONid:CVE-2015-0691
db:JVNDBid:JVNDB-2015-002381
db:CNNVDid:CNNVD-201504-375
db:NVDid:CVE-2015-0691

LAST UPDATE DATE
2024-11-23T22:49:23.032000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78637date:2017-01-06T00:00:00
db:VULMONid:CVE-2015-0691date:2017-01-06T00:00:00
db:JVNDBid:JVNDB-2015-002381date:2015-04-21T00:00:00
db:CNNVDid:CNNVD-201504-375date:2015-04-17T00:00:00
db:NVDid:CVE-2015-0691date:2024-11-21T02:23:32.760

SOURCES RELEASE DATE
db:VULHUBid:VHN-78637date:2015-04-17T00:00:00
db:VULMONid:CVE-2015-0691date:2015-04-17T00:00:00
db:JVNDBid:JVNDB-2015-002381date:2015-04-21T00:00:00
db:CNNVDid:CNNVD-201504-375date:2015-04-17T00:00:00
db:NVDid:CVE-2015-0691date:2015-04-17T01:59:25.420