CVE-2015-0691

A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd	Mitigation Vendor Advisory
http://www.securitytracker.com/id/1032140	Third Party Advisory VDB Entry
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd	Mitigation Vendor Advisory
http://www.securitytracker.com/id/1032140	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:secure_desktop:3.0_base:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.1.0.31:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.1.1:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.1.1.45:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.1_base:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.2.0.136:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.2.1.103:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.2.1.126:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.2_base:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.3.0.118:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.3.0.151:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.3_base:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.4.0373:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.4.1108:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.4.2048:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.4_base:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.5.841:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.5.1077:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.5.2001:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.5.2003:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.5.2008:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.5_base:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.6.181:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.6.185:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.6.1001:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.6.2002:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.6.3002:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.6.4021:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.6.5005:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.6.6020:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.6.6104:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.6.6203:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.6.6210:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.6.6228:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.6.6234:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.6.6249:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.6_base:::::::*

History

21 Nov 2024, 02:23

Type	Values Removed	Values Added
References	~~() http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd - Mitigation, Vendor Advisory~~	() http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd - Mitigation, Vendor Advisory
References	~~() http://www.securitytracker.com/id/1032140 - Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1032140 - Third Party Advisory, VDB Entry

Information

Published : 2015-04-17 01:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-0691

Mitre link : CVE-2015-0691

CVE.ORG link : CVE-2015-0691

JSON object : View

Products Affected

cisco

secure_desktop

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-264

Permissions, Privileges, and Access Controls

9.3 /10