Vulnerability-Lookup

CVE-2015-0589 (GCVE-0-2015-0589)

Vulnerability from cvelistv5 – Published: 2015-02-07 15:00 – Updated: 2024-08-06 04:17

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://www.securitytracker.com/id/1031692	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/62799	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO
	http://www.securityfocus.com/bid/72493	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:17:31.765Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1031692",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031692"
          },
          {
            "name": "62799",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62799"
          },
          {
            "name": "cisco-webex-cve20150589-command-exec(100719)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100719"
          },
          {
            "name": "20150204 Cisco WebEx Meetings Server Command Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx"
          },
          {
            "name": "72493",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72493"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1031692",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031692"
        },
        {
          "name": "62799",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62799"
        },
        {
          "name": "cisco-webex-cve20150589-command-exec(100719)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100719"
        },
        {
          "name": "20150204 Cisco WebEx Meetings Server Command Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx"
        },
        {
          "name": "72493",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72493"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-0589",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1031692",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031692"
            },
            {
              "name": "62799",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62799"
            },
            {
              "name": "cisco-webex-cve20150589-command-exec(100719)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100719"
            },
            {
              "name": "20150204 Cisco WebEx Meetings Server Command Injection Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx"
            },
            {
              "name": "72493",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/72493"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-0589",
    "datePublished": "2015-02-07T15:00:00",
    "dateReserved": "2015-01-07T00:00:00",
    "dateUpdated": "2024-08-06T04:17:31.765Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCBD90AA-A7EB-4F48-AA80-366FD9D1FEAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD58CDC2-0216-4AB9-85B7-8A4197BA53FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meetings_server:1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C06D7CF0-1FD7-4FD1-9FAC-4A74E7AC18DB\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460.\"}, {\"lang\": \"es\", \"value\": \"La interfaz web administrativa en Cisco WebEx Meetings Server 1.0 hasta 1.5 permite a usuarios remotos autenticados ejecutar comandos del sistema operativo arbitrarios con privilegios root a trav\\u00e9s de campos especificados, tambi\\u00e9n conocido como Bug ID CSCuj40460.\"}]",
      "id": "CVE-2015-0589",
      "lastModified": "2024-11-21T02:23:22.090",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-02-07T15:59:06.143",
      "references": "[{\"url\": \"http://secunia.com/advisories/62799\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/72493\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securitytracker.com/id/1031692\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/100719\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://secunia.com/advisories/62799\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/72493\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1031692\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/100719\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-0589\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2015-02-07T15:59:06.143\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460.\"},{\"lang\":\"es\",\"value\":\"La interfaz web administrativa en Cisco WebEx Meetings Server 1.0 hasta 1.5 permite a usuarios remotos autenticados ejecutar comandos del sistema operativo arbitrarios con privilegios root a trav\u00e9s de campos especificados, tambi\u00e9n conocido como Bug ID CSCuj40460.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCBD90AA-A7EB-4F48-AA80-366FD9D1FEAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD58CDC2-0216-4AB9-85B7-8A4197BA53FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meetings_server:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C06D7CF0-1FD7-4FD1-9FAC-4A74E7AC18DB\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/62799\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/72493\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securitytracker.com/id/1031692\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/100719\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://secunia.com/advisories/62799\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/72493\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1031692\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/100719\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTFR-2015-AVI-056

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Cisco WebEx Meetings Server. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco WebEx Meetings Server 1.0, 1.1 et 1.5

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20150204-wbx du 06 février 2015	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20150204-wbx du 06 février 2015	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eCisco WebEx Meetings Server 1.0, 1.1 et 1.5\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-0589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0589"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20150204-wbx du 06    f\u00e9vrier 2015",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx"
    }
  ],
  "reference": "CERTFR-2015-AVI-056",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-02-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eCisco WebEx\nMeetings Server\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Cisco WebEx Meetings Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20150204-wbx du 06 f\u00e9vrier 2015",
      "url": null
    }
  ]
}

CERTFR-2015-AVI-056

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Cisco WebEx Meetings Server. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco WebEx Meetings Server 1.0, 1.1 et 1.5

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20150204-wbx du 06 février 2015	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20150204-wbx du 06 février 2015	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eCisco WebEx Meetings Server 1.0, 1.1 et 1.5\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-0589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0589"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20150204-wbx du 06    f\u00e9vrier 2015",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx"
    }
  ],
  "reference": "CERTFR-2015-AVI-056",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-02-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eCisco WebEx\nMeetings Server\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Cisco WebEx Meetings Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20150204-wbx du 06 f\u00e9vrier 2015",
      "url": null
    }
  ]
}

CNVD-2015-00960

Vulnerability from cnvd - Published: 2015-02-09

Title

Cisco WebEx Meetings Server命令注入漏洞

Description

Cisco WebEx Meetings是网络会议解决方案。 Cisco WebEx Meetings Server存在命令注入漏洞，由于程序未能正确地过滤用户提供的输入。允许攻击者在受影响应用程序上下文中执行任意命令。

Severity

高

Patch Name

Cisco WebEx Meetings Server命令注入漏洞的补丁

Patch Description

Cisco WebEx Meetings是网络会议解决方案。 Cisco WebEx Meetings Server存在命令注入漏洞，由于程序未能正确地过滤用户提供的输入。允许攻击者在受影响应用程序上下文中执行任意命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx http://www.securityfocus.com/bid/72493 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0589

Impacted products

Name
Cisco WebEx Meetings Server

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "72493"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-0589"
    }
  },
  "description": "Cisco WebEx Meetings\u662f\u7f51\u7edc\u4f1a\u8bae\u89e3\u51b3\u65b9\u6848\u3002 \r\n\r\nCisco WebEx Meetings Server\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u8fc7\u6ee4\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u3002\u5141\u8bb8\u653b\u51fb\u8005\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-00960",
  "openTime": "2015-02-09",
  "patchDescription": "Cisco WebEx Meetings\u662f\u7f51\u7edc\u4f1a\u8bae\u89e3\u51b3\u65b9\u6848\u3002 \r\n\r\nCisco WebEx Meetings Server\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u8fc7\u6ee4\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u3002\u5141\u8bb8\u653b\u51fb\u8005\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco WebEx Meetings Server\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco WebEx Meetings Server"
  },
  "referenceLink": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx\r\nhttp://www.securityfocus.com/bid/72493\r\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0589",
  "serverity": "\u9ad8",
  "submitTime": "2015-02-06",
  "title": "Cisco WebEx Meetings Server\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

GHSA-HGGX-9H6R-3W8R

Vulnerability from github – Published: 2022-05-17 01:10 – Updated: 2022-05-17 01:10

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-0589"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-02-07T15:59:00Z",
    "severity": "HIGH"
  },
  "details": "The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460.",
  "id": "GHSA-hggx-9h6r-3w8r",
  "modified": "2022-05-17T01:10:52Z",
  "published": "2022-05-17T01:10:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0589"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100719"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62799"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/72493"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031692"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201502-0121

Vulnerability from variot - Updated: 2023-12-18 13:57

The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460. Vendors have confirmed this vulnerability Bug ID CSCuj40460 It is released as.Remotely authenticated users can specify any OS The command may be executed. Cisco WebEx Meetings Server is prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input. Successfully exploiting this issue may allow an attacker to execute arbitrary commands in context of the affected application. This issue is being tracked by Cisco bug ID CSCuj40460. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution. There are security vulnerabilities in the web management interface of CWMS versions 1.0 to 1.5

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201502-0121",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "1.1"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "1.5"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001528"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-083"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0589"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "72493"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-083"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-0589",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2015-0589",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "VHN-78535",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-0589",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201502-083",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-78535",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78535"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001528"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-083"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460. Vendors have confirmed this vulnerability Bug ID CSCuj40460 It is released as.Remotely authenticated users can specify any OS The command may be executed. Cisco WebEx Meetings Server is prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary commands in context of the affected application. \nThis issue is being tracked by Cisco bug ID CSCuj40460. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco\u0027s WebEx conference solution. There are security vulnerabilities in the web management interface of CWMS versions 1.0 to 1.5",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0589"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001528"
      },
      {
        "db": "BID",
        "id": "72493"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78535"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-0589",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "72493",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1031692",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "62799",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001528",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-083",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-78535",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78535"
      },
      {
        "db": "BID",
        "id": "72493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001528"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-083"
      }
    ]
  },
  "id": "VAR-201502-0121",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78535"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:57:37.070000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20150204-wbx",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150204-wbx"
      },
      {
        "title": "37335",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37335"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001528"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78535"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001528"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0589"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150204-wbx"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/72493"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031692"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/62799"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100719"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0589"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0589"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37335"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78535"
      },
      {
        "db": "BID",
        "id": "72493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001528"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-083"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-78535"
      },
      {
        "db": "BID",
        "id": "72493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001528"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-083"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-02-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78535"
      },
      {
        "date": "2015-02-04T00:00:00",
        "db": "BID",
        "id": "72493"
      },
      {
        "date": "2015-02-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001528"
      },
      {
        "date": "2015-02-07T15:59:06.143000",
        "db": "NVD",
        "id": "CVE-2015-0589"
      },
      {
        "date": "2015-02-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201502-083"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78535"
      },
      {
        "date": "2015-02-04T00:00:00",
        "db": "BID",
        "id": "72493"
      },
      {
        "date": "2015-02-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001528"
      },
      {
        "date": "2017-09-08T01:29:45.293000",
        "db": "NVD",
        "id": "CVE-2015-0589"
      },
      {
        "date": "2015-02-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201502-083"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-083"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco WebEx Meetings Server Management  Web Any with root privileges in the interface  OS Command execution vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001528"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-083"
      }
    ],
    "trust": 0.6
  }
}

GSD-2015-0589

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2015-0589

Aliases

CVE-2015-0589

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-0589",
    "description": "The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460.",
    "id": "GSD-2015-0589"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-0589"
      ],
      "details": "The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460.",
      "id": "GSD-2015-0589",
      "modified": "2023-12-13T01:19:57.911174Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2015-0589",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1031692",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031692"
          },
          {
            "name": "62799",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62799"
          },
          {
            "name": "cisco-webex-cve20150589-command-exec(100719)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100719"
          },
          {
            "name": "20150204 Cisco WebEx Meetings Server Command Injection Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx"
          },
          {
            "name": "72493",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/72493"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-0589"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150204 Cisco WebEx Meetings Server Command Injection Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx"
            },
            {
              "name": "72493",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/72493"
            },
            {
              "name": "1031692",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1031692"
            },
            {
              "name": "62799",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62799"
            },
            {
              "name": "cisco-webex-cve20150589-command-exec(100719)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100719"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-08T01:29Z",
      "publishedDate": "2015-02-07T15:59Z"
    }
  }
}

FKIE_CVE-2015-0589

Vulnerability from fkie_nvd - Published: 2015-02-07 15:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://secunia.com/advisories/62799
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/72493
psirt@cisco.com	http://www.securitytracker.com/id/1031692
psirt@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/100719
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62799
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/72493
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031692
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/100719

Impacted products

Vendor	Product	Version
cisco	webex_meetings_server	1.0
cisco	webex_meetings_server	1.1
cisco	webex_meetings_server	1.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCBD90AA-A7EB-4F48-AA80-366FD9D1FEAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD58CDC2-0216-4AB9-85B7-8A4197BA53FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C06D7CF0-1FD7-4FD1-9FAC-4A74E7AC18DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460."
    },
    {
      "lang": "es",
      "value": "La interfaz web administrativa en Cisco WebEx Meetings Server 1.0 hasta 1.5 permite a usuarios remotos autenticados ejecutar comandos del sistema operativo arbitrarios con privilegios root a trav\u00e9s de campos especificados, tambi\u00e9n conocido como Bug ID CSCuj40460."
    }
  ],
  "id": "CVE-2015-0589",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-02-07T15:59:06.143",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://secunia.com/advisories/62799"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/72493"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1031692"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100719"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62799"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/72493"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031692"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100719"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-0589 (GCVE-0-2015-0589)

CERTFR-2015-AVI-056

Solution

CERTFR-2015-AVI-056

Solution

CNVD-2015-00960

GHSA-HGGX-9H6R-3W8R

VAR-201502-0121

GSD-2015-0589

FKIE_CVE-2015-0589

Tags

Sightings

Nomenclature