CVE-2015-0691 Detail

CVE-2015-0691

CVE Descriptions

A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CWE-264	Category : Permissions, Privileges, and Access Controls Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	9.3		AV:N/AC:M/Au:N/C:C/I:C/A:C	[email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Products Mentioned

Configuraton 0

Cisco>>Secure_desktop >> Version 3.0_base

Cisco>>Secure_desktop >> Version 3.0_base (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.1.0.31

Cisco>>Secure_desktop >> Version 3.1.0.31 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.1.1

Cisco>>Secure_desktop >> Version 3.1.1 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.1.1.45

Cisco>>Secure_desktop >> Version 3.1.1.45 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.1_base

Cisco>>Secure_desktop >> Version 3.1_base (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.2.0.136

Cisco>>Secure_desktop >> Version 3.2.0.136 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.2.1.103

Cisco>>Secure_desktop >> Version 3.2.1.103 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.2.1.126

Cisco>>Secure_desktop >> Version 3.2.1.126 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.2_base

Cisco>>Secure_desktop >> Version 3.2_base (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.3.0.118

Cisco>>Secure_desktop >> Version 3.3.0.118 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.3.0.151

Cisco>>Secure_desktop >> Version 3.3.0.151 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.3_base

Cisco>>Secure_desktop >> Version 3.3_base (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.4.0373

Cisco>>Secure_desktop >> Version 3.4.0373 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.4.1108

Cisco>>Secure_desktop >> Version 3.4.1108 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.4.2048

Cisco>>Secure_desktop >> Version 3.4.2048 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.4_base

Cisco>>Secure_desktop >> Version 3.4_base (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.5.841

Cisco>>Secure_desktop >> Version 3.5.841 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.5.1077

Cisco>>Secure_desktop >> Version 3.5.1077 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.5.2001

Cisco>>Secure_desktop >> Version 3.5.2001 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.5.2003

Cisco>>Secure_desktop >> Version 3.5.2003 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.5.2008

Cisco>>Secure_desktop >> Version 3.5.2008 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.5_base

Cisco>>Secure_desktop >> Version 3.5_base (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.6.181

Cisco>>Secure_desktop >> Version 3.6.181 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.6.185

Cisco>>Secure_desktop >> Version 3.6.185 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.6.1001

Cisco>>Secure_desktop >> Version 3.6.1001 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.6.2002

Cisco>>Secure_desktop >> Version 3.6.2002 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.6.3002

Cisco>>Secure_desktop >> Version 3.6.3002 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.6.4021

Cisco>>Secure_desktop >> Version 3.6.4021 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.6.5005

Cisco>>Secure_desktop >> Version 3.6.5005 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.6.6020

Cisco>>Secure_desktop >> Version 3.6.6020 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.6.6104

Cisco>>Secure_desktop >> Version 3.6.6104 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.6.6203

Cisco>>Secure_desktop >> Version 3.6.6203 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.6.6210

Cisco>>Secure_desktop >> Version 3.6.6210 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.6.6228

Cisco>>Secure_desktop >> Version 3.6.6228 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.6.6234

Cisco>>Secure_desktop >> Version 3.6.6234 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.6.6249

Cisco>>Secure_desktop >> Version 3.6.6249 (Open CPE detail)

Cisco>>Secure_desktop >> Version 3.6_base

Cisco>>Secure_desktop >> Version 3.6_base (Open CPE detail)

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd
Tags : vendor-advisory, x_refsource_CISCO

http://www.securitytracker.com/id/1032140
Tags : vdb-entry, x_refsource_SECTRACK

CVE-2015-0691 : Detail