Sign-up

ID

VAR-201504-0273


CVE

CVE-2015-0693


TITLE

Cisco Web Security Any in the appliance device software Python Code execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002286

DESCRIPTION

Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via a crafted pickle file, aka Bug ID CSCut39259. The Cisco Web Security Appliance is a secure Web gateway that integrates malware protection, application visualization control, policy control, and more on a single platform. A local privilege elevation vulnerability exists in the Cisco Web Security Appliance. Allows an attacker to exploit this vulnerability to execute arbitrary Python code with higher privileges. Successful exploits may result in complete system compromise. This issue being tracked by Cisco Bug ID CSCut39259

Trust: 2.61

sources: NVD: CVE-2015-0693 // JVNDB: JVNDB-2015-002286 // CNVD: CNVD-2015-02426 // BID: 74058 // VULHUB: VHN-78639 // VULMON: CVE-2015-0693

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-02426

AFFECTED PRODUCTS

vendor:ciscomodel:web security appliancescope:eqversion:8.5_base

Trust: 1.6

vendor:ciscomodel:web security the appliancescope:eqversion:8.5.0-ise-147

Trust: 0.8

vendor:ciscomodel:web security appliancescope: - version: -

Trust: 0.6

vendor:ciscomodel:web security appliancescope:eqversion:8.5

Trust: 0.3

sources: CNVD: CNVD-2015-02426 // BID: 74058 // JVNDB: JVNDB-2015-002286 // CNNVD: CNNVD-201504-273 // NVD: CVE-2015-0693

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0693
value: HIGH

Trust: 1.0

NVD: CVE-2015-0693
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-02426
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201504-273
value: HIGH

Trust: 0.6

VULHUB: VHN-78639
value: HIGH

Trust: 0.1

VULMON: CVE-2015-0693
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-0693
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2015-02426
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.7
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-78639
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-02426 // VULHUB: VHN-78639 // VULMON: CVE-2015-0693 // JVNDB: JVNDB-2015-002286 // CNNVD: CNNVD-201504-273 // NVD: CVE-2015-0693

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-78639 // JVNDB: JVNDB-2015-002286 // NVD: CVE-2015-0693

THREAT TYPE

local

Trust: 0.9

sources: BID: 74058 // CNNVD: CNNVD-201504-273

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201504-273

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002286

PATCH
title:38306url:http://tools.cisco.com/security/center/viewAlert.x?alertId=38306
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-002286

EXTERNAL IDS
db:NVDid:CVE-2015-0693
Trust: 3.5
db:SECTRACKid:1032097
Trust: 1.2
db:BIDid:74058
Trust: 1.1
db:JVNDBid:JVNDB-2015-002286
Trust: 0.8
db:CNNVDid:CNNVD-201504-273
Trust: 0.7
db:CNVDid:CNVD-2015-02426
Trust: 0.6
db:VULHUBid:VHN-78639
Trust: 0.1
db:VULMONid:CVE-2015-0693
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-02426 // 
            
            
            
            VULHUB: VHN-78639 // 
            
            
            
            VULMON: CVE-2015-0693 // 
            
            
            
            BID: 74058 // 
            
            
            
            JVNDB: JVNDB-2015-002286 // 
            
            
            
            CNNVD: CNNVD-201504-273 // 
            
            
            
            NVD: CVE-2015-0693

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=38306
Trust: 2.7
url:http://www.securitytracker.com/id/1032097
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0693
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0693
Trust: 0.8
url:http://www.securityfocus.com/bid/74058
Trust: 0.7
url:http://www.cisco.com
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-02426 // 
            
            
            
            VULHUB: VHN-78639 // 
            
            
            
            VULMON: CVE-2015-0693 // 
            
            
            
            BID: 74058 // 
            
            
            
            JVNDB: JVNDB-2015-002286 // 
            
            
            
            CNNVD: CNNVD-201504-273 // 
            
            
            
            NVD: CVE-2015-0693

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 74058

SOURCES
db:CNVDid:CNVD-2015-02426
db:VULHUBid:VHN-78639
db:VULMONid:CVE-2015-0693
db:BIDid:74058
db:JVNDBid:JVNDB-2015-002286
db:CNNVDid:CNNVD-201504-273
db:NVDid:CVE-2015-0693

LAST UPDATE DATE
2024-11-23T22:08:08.119000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-02426date:2015-04-16T00:00:00
db:VULHUBid:VHN-78639date:2017-01-06T00:00:00
db:VULMONid:CVE-2015-0693date:2017-01-06T00:00:00
db:BIDid:74058date:2015-04-13T00:00:00
db:JVNDBid:JVNDB-2015-002286date:2015-04-16T00:00:00
db:CNNVDid:CNNVD-201504-273date:2015-04-16T00:00:00
db:NVDid:CVE-2015-0693date:2024-11-21T02:23:32.990

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-02426date:2015-04-15T00:00:00
db:VULHUBid:VHN-78639date:2015-04-15T00:00:00
db:VULMONid:CVE-2015-0693date:2015-04-15T00:00:00
db:BIDid:74058date:2015-04-13T00:00:00
db:JVNDBid:JVNDB-2015-002286date:2015-04-16T00:00:00
db:CNNVDid:CNNVD-201504-273date:2015-04-16T00:00:00
db:NVDid:CVE-2015-0693date:2015-04-15T10:59:01.393