Executive Summary

Informations
Name CVE-2015-6420 First vendor Publication 2015-12-15
Vendor Cve Last vendor Modification 2025-03-25

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6420

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-502 Deserialization of Untrusted Data

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Nessus® Vulnerability Scanner

Date Description
2017-05-02 Name : A network management system running on the remote host is affected by a remot...
File : cisco_prime_lms_java_deser.nasl - Type : ACT_ATTACK
2017-05-02 Name : A web application running on the remote host is affected by a remote code exe...
File : cisco_security_java_deser.nasl - Type : ACT_ATTACK
2016-10-10 Name : The remote device is affected by a remote code execution vulnerability.
File : cisco_cucm_CSCux34835.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa...
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.securityfocus.com/bid/78872
https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenk...
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...
https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e...
https://news.apache.org/foundation/entry/apache_commons_statement_to_widespread
https://www.kb.cert.org/vuls/id/576313
https://www.kb.cert.org/vuls/id/581311
https://www.tenable.com/security/research/tra-2017-14
https://www.tenable.com/security/research/tra-2017-23
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
Date Informations
2025-03-25 21:21:59
  • Multiple Updates
2024-11-28 12:49:16
  • Multiple Updates
2023-11-07 21:44:20
  • Multiple Updates
2021-05-04 12:42:07
  • Multiple Updates
2021-04-22 01:51:15
  • Multiple Updates
2021-03-26 12:16:10
  • Multiple Updates
2020-05-23 01:56:40
  • Multiple Updates
2020-05-23 00:46:26
  • Multiple Updates
2018-10-02 00:19:19
  • Multiple Updates
2018-07-19 09:19:08
  • Multiple Updates
2017-12-14 21:21:51
  • Multiple Updates
2017-11-08 09:23:48
  • Multiple Updates
2017-11-03 09:21:16
  • Multiple Updates
2017-05-04 13:25:28
  • Multiple Updates
2017-02-17 09:23:53
  • Multiple Updates
2017-01-20 09:23:39
  • Multiple Updates
2016-11-29 00:25:25
  • Multiple Updates
2016-10-11 13:21:32
  • Multiple Updates
2015-12-16 09:25:15
  • Multiple Updates
2015-12-15 09:25:46
  • First insertion