CVE-2015-0660

{"id": "CVE-2015-0660", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-03-14T01:59:09.033", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0660", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1031924", "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123."}, {"lang": "es", "value": "El software Cisco Virtual TelePresence Server no restringe de forma adecuada el uso de un puerto serial, lo que permite a usuarios locales ejecutar c\u00f3digo arbitrario de comandos del Sistema Operativo como root aprovechando los privilegios de administraci\u00f3n del controlador vSphere, tambi\u00e9n conocido como ID CSCus61123."}], "lastModified": "2015-10-28T02:17:57.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:telepresence_server_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07C6FF37-F030-4FF6-9C02-37D81B50EC50"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}