9.3 - CVE-2015-0691

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2015-0691	First vendor Publication	2015-04-16
Vendor	Cve	Last vendor Modification	2017-01-06

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0691

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-264	Permissions, Privileges, and Access Controls
50 %	CWE-78	Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Application	Cisco Secure Desktop cpe:2.3:a:cisco:secure_desktop:3.6.6249:::::::* cpe:2.3:a:cisco:secure_desktop:3.6.6234:::::::* cpe:2.3:a:cisco:secure_desktop:3.6.6228:::::::* cpe:2.3:a:cisco:secure_desktop:3.6.6210:::::::* cpe:2.3:a:cisco:secure_desktop:3.6.6203:::::::* cpe:2.3:a:cisco:secure_desktop:3.6.6104:::::::* cpe:2.3:a:cisco:secure_desktop:3.6.6020:::::::* cpe:2.3:a:cisco:secure_desktop:3.6.5005:::::::* cpe:2.3:a:cisco:secure_desktop:3.6.4021:::::::* cpe:2.3:a:cisco:secure_desktop:3.6.3002:::::::* cpe:2.3:a:cisco:secure_desktop:3.6.2002:::::::* cpe:2.3:a:cisco:secure_desktop:3.6.185:::::::* cpe:2.3:a:cisco:secure_desktop:3.6.181:::::::* cpe:2.3:a:cisco:secure_desktop:3.6.1001:::::::* cpe:2.3:a:cisco:secure_desktop:3.6_base:::::::* cpe:2.3:a:cisco:secure_desktop:3.5.841:::::::* cpe:2.3:a:cisco:secure_desktop:3.5.2008:::::::* cpe:2.3:a:cisco:secure_desktop:3.5.2003:::::::* cpe:2.3:a:cisco:secure_desktop:3.5.2001:::::::* cpe:2.3:a:cisco:secure_desktop:3.5.1077:::::::* cpe:2.3:a:cisco:secure_desktop:3.5_base:::::::* cpe:2.3:a:cisco:secure_desktop:3.4.2048:::::::* cpe:2.3:a:cisco:secure_desktop:3.4.1108:::::::* cpe:2.3:a:cisco:secure_desktop:3.4.0373:::::::* cpe:2.3:a:cisco:secure_desktop:3.4_base:::::::* cpe:2.3:a:cisco:secure_desktop:3.3.0.151:::::::* cpe:2.3:a:cisco:secure_desktop:3.3.0.118:::::::* cpe:2.3:a:cisco:secure_desktop:3.3_base:::::::* cpe:2.3:a:cisco:secure_desktop:3.2.1.126:::::::* cpe:2.3:a:cisco:secure_desktop:3.2.1.103:::::::* cpe:2.3:a:cisco:secure_desktop:3.2.0.136:::::::* cpe:2.3:a:cisco:secure_desktop:3.2_base:::::::* cpe:2.3:a:cisco:secure_desktop:3.1.1.45:::::::* cpe:2.3:a:cisco:secure_desktop:3.1.1:::::::* cpe:2.3:a:cisco:secure_desktop:3.1.0.31:::::::* cpe:2.3:a:cisco:secure_desktop:3.1_base:::::::* cpe:2.3:a:cisco:secure_desktop:3.0_base:::::::*	37

Snort® IPS/IDS

Date	Description
2015-04-22	Cisco Secure Desktop Applet command execution attempt RuleID : 34180 - Revision : 1 - Type : OS-OTHER

Sources (Detail)

Source	Url
CISCO	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa...
SECTRACK	http://www.securitytracker.com/id/1032140

Alert History

If you want to see full details history, please login or register.

Date	Informations
2021-05-04 12:36:24	Multiple Updates
2021-04-22 01:44:08	Multiple Updates
2020-05-23 00:43:39	Multiple Updates
2017-01-06 21:24:03	Multiple Updates
2017-01-03 09:23:06	Multiple Updates
2016-04-27 01:44:31	Multiple Updates
2015-04-24 00:27:33	Multiple Updates
2015-04-22 21:26:21	Multiple Updates
2015-04-22 00:28:06	Multiple Updates
2015-04-21 09:26:54	Multiple Updates
2015-04-18 00:26:32	Multiple Updates
2015-04-17 09:28:30	First insertion

Global Informations

Type	Count
CWE ID(s)	2
CPE ID(s)	37
Sources(s)	2
Snort® Rule(s)	1

	Related
9.3	cisco-sa-201504...
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

9.3 - CVE-2015-0691

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Snort® IPS/IDS

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU