ID

VAR-201504-0271


CVE

CVE-2015-0691


TITLE

Cisco Secure Desktop of Cache Cleaner Specific distributed with Cisco JAR Vulnerability to execute arbitrary command in file

Trust: 0.8

sources: JVNDB: JVNDB-2015-002381

DESCRIPTION

A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001. Vendors have confirmed this vulnerability Bug ID CSCup83001 It is released as.Skillfully crafted by a third party Web Arbitrary commands may be executed via the site. Cisco Secure Desktop (CSD) is a secure desktop product of Cisco (Cisco), which can reduce the number of cookies, browser history, temporary files and downloads in the system after remote user logout or SSL VPN session timeout through encryption function. remaining risks

Trust: 1.8

sources: NVD: CVE-2015-0691 // JVNDB: JVNDB-2015-002381 // VULHUB: VHN-78637 // VULMON: CVE-2015-0691

AFFECTED PRODUCTS

vendor:ciscomodel:secure desktopscope:eqversion:3.1.1.45

Trust: 1.6

vendor:ciscomodel:secure desktopscope:eqversion:3.1.0.31

Trust: 1.6

vendor:ciscomodel:secure desktopscope:eqversion:3.4_base

Trust: 1.6

vendor:ciscomodel:secure desktopscope:eqversion:3.4.2048

Trust: 1.6

vendor:ciscomodel:secure desktopscope:eqversion:3.3_base

Trust: 1.6

vendor:ciscomodel:secure desktopscope:eqversion:3.6.4021

Trust: 1.6

vendor:ciscomodel:secure desktopscope:eqversion:3.2.0.136

Trust: 1.6

vendor:ciscomodel:secure desktopscope:eqversion:3.2_base

Trust: 1.6

vendor:ciscomodel:secure desktopscope:eqversion:3.0_base

Trust: 1.6

vendor:ciscomodel:secure desktopscope:eqversion:3.1_base

Trust: 1.6

vendor:ciscomodel:secure desktopscope:eqversion:3.2.1.126

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.1001

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.6249

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.1.1

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.5.2008

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6_base

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.6234

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.5_base

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.3.0.118

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.185

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.5.841

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.3.0.151

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.5.1077

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.5005

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.6104

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.6203

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.5.2003

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.3002

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.6210

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.2.1.103

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.4.0373

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.5.2001

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.181

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.2002

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.4.1108

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.6228

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.6.6020

Trust: 1.0

vendor:ciscomodel:secure desktopscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2015-002381 // CNNVD: CNNVD-201504-375 // NVD: CVE-2015-0691

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0691
value: HIGH

Trust: 1.0

NVD: CVE-2015-0691
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201504-375
value: CRITICAL

Trust: 0.6

VULHUB: VHN-78637
value: HIGH

Trust: 0.1

VULMON: CVE-2015-0691
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-0691
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-78637
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78637 // VULMON: CVE-2015-0691 // JVNDB: JVNDB-2015-002381 // CNNVD: CNNVD-201504-375 // NVD: CVE-2015-0691

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

problemtype:CWE-78

Trust: 1.1

sources: VULHUB: VHN-78637 // JVNDB: JVNDB-2015-002381 // NVD: CVE-2015-0691

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-375

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201504-375

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002381

PATCH

title:cisco-sa-20150415-csdurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd

Trust: 0.8

title:38330url:http://tools.cisco.com/security/center/viewAlert.x?alertId=38330

Trust: 0.8

sources: JVNDB: JVNDB-2015-002381

EXTERNAL IDS

db:NVDid:CVE-2015-0691

Trust: 2.6

db:SECTRACKid:1032140

Trust: 1.2

db:JVNDBid:JVNDB-2015-002381

Trust: 0.8

db:CNNVDid:CNNVD-201504-375

Trust: 0.7

db:VULHUBid:VHN-78637

Trust: 0.1

db:VULMONid:CVE-2015-0691

Trust: 0.1

sources: VULHUB: VHN-78637 // VULMON: CVE-2015-0691 // JVNDB: JVNDB-2015-002381 // CNNVD: CNNVD-201504-375 // NVD: CVE-2015-0691

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150415-csd

Trust: 1.8

url:http://www.securitytracker.com/id/1032140

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0691

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0691

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-78637 // VULMON: CVE-2015-0691 // JVNDB: JVNDB-2015-002381 // CNNVD: CNNVD-201504-375 // NVD: CVE-2015-0691

SOURCES

db:VULHUBid:VHN-78637
db:VULMONid:CVE-2015-0691
db:JVNDBid:JVNDB-2015-002381
db:CNNVDid:CNNVD-201504-375
db:NVDid:CVE-2015-0691

LAST UPDATE DATE

2024-11-23T22:49:23.032000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-78637date:2017-01-06T00:00:00
db:VULMONid:CVE-2015-0691date:2017-01-06T00:00:00
db:JVNDBid:JVNDB-2015-002381date:2015-04-21T00:00:00
db:CNNVDid:CNNVD-201504-375date:2015-04-17T00:00:00
db:NVDid:CVE-2015-0691date:2024-11-21T02:23:32.760

SOURCES RELEASE DATE

db:VULHUBid:VHN-78637date:2015-04-17T00:00:00
db:VULMONid:CVE-2015-0691date:2015-04-17T00:00:00
db:JVNDBid:JVNDB-2015-002381date:2015-04-21T00:00:00
db:CNNVDid:CNNVD-201504-375date:2015-04-17T00:00:00
db:NVDid:CVE-2015-0691date:2015-04-17T01:59:25.420