VAR-201508-0494
Vulnerability from variot - Updated: 2023-12-18 14:01The CLI in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to obtain root privileges by writing script arguments to an unspecified file, aka Bug ID CSCuv12542. Successful exploits will allow an attacker to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. This issue is tracked by Cisco Bug ID CSCuv12542. The vulnerability is caused by the program not properly validating the input content in the local file
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0494",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "telepresence video communication server software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "x8.5.2"
},
{
"model": "telepresence video communication server software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "x8.5.2 (vcs expressway)"
},
{
"model": "telepresence video communication server expressway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "x8.5.2"
}
],
"sources": [
{
"db": "BID",
"id": "76408"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004349"
},
{
"db": "NVD",
"id": "CVE-2015-4327"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-435"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:expressway:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4327"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "76408"
}
],
"trust": 0.3
},
"cve": "CVE-2015-4327",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-4327",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-82288",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-4327",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-435",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-82288",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82288"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004349"
},
{
"db": "NVD",
"id": "CVE-2015-4327"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-435"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The CLI in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to obtain root privileges by writing script arguments to an unspecified file, aka Bug ID CSCuv12542. \nSuccessful exploits will allow an attacker to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. \nThis issue is tracked by Cisco Bug ID CSCuv12542. The vulnerability is caused by the program not properly validating the input content in the local file",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4327"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004349"
},
{
"db": "BID",
"id": "76408"
},
{
"db": "VULHUB",
"id": "VHN-82288"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4327",
"trust": 2.8
},
{
"db": "BID",
"id": "76408",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1033332",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004349",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-435",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-82288",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82288"
},
{
"db": "BID",
"id": "76408"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004349"
},
{
"db": "NVD",
"id": "CVE-2015-4327"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-435"
}
]
},
"id": "VAR-201508-0494",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-82288"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:01:49.218000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "40518",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=40518"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004349"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82288"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004349"
},
{
"db": "NVD",
"id": "CVE-2015-4327"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=40518"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/76408"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033332"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4327"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4327"
},
{
"trust": 0.3,
"url": "http://www.cisco.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82288"
},
{
"db": "BID",
"id": "76408"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004349"
},
{
"db": "NVD",
"id": "CVE-2015-4327"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-435"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-82288"
},
{
"db": "BID",
"id": "76408"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004349"
},
{
"db": "NVD",
"id": "CVE-2015-4327"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-435"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-20T00:00:00",
"db": "VULHUB",
"id": "VHN-82288"
},
{
"date": "2015-08-18T00:00:00",
"db": "BID",
"id": "76408"
},
{
"date": "2015-08-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004349"
},
{
"date": "2015-08-20T00:59:04.967000",
"db": "NVD",
"id": "CVE-2015-4327"
},
{
"date": "2015-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-435"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-04T00:00:00",
"db": "VULHUB",
"id": "VHN-82288"
},
{
"date": "2015-08-18T00:00:00",
"db": "BID",
"id": "76408"
},
{
"date": "2015-08-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004349"
},
{
"date": "2017-01-04T15:50:31.227000",
"db": "NVD",
"id": "CVE-2015-4327"
},
{
"date": "2015-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-435"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "76408"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-435"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco TelePresence Video Communication Server Expressway of CLI In root Privileged vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004349"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-435"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…