National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2015-0691 Detail

Current Description

A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.

Source:  MITRE
View Analysis Description

Impact

CVSS v2.0 Severity and Metrics:

Base Score: 9.3 HIGH
Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) (V2 legend)
Impact Subscore: 10.0
Exploitability Subscore: 8.6


Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Additional Information:
Victim must voluntarily interact with attack mechanism
Allows unauthorized disclosure of information
Allows unauthorized modification
Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd Mitigation Vendor Advisory
http://www.securitytracker.com/id/1032140 Third Party Advisory VDB Entry

Technical Details

Vulnerability Type (View All)

  • Permissions, Privileges, and Access Control (CWE-264)
  • OS Command Injections (CWE-78)

Known Affected Software Configurations Switch to CPE 2.3

Configuration 1 ( hide )
 cpe:/a:cisco:secure_desktop:3.0_base
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.1.0.31
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.1.1
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.1.1.45
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.1_base
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.2.0.136
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.2.1.103
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.2.1.126
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.2_base
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.3.0.118
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.3.0.151
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.3_base
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.4.0373
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.4.1108
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.4.2048
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.4_base
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.5.841
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.5.1077
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.5.2001
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.5.2003
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.5.2008
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.5_base
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.6.181
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.6.185
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.6.1001
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.6.2002
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.6.3002
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.6.4021
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.6.5005
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.6.6020
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.6.6104
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.6.6203
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.6.6210
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.6.6228
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.6.6234
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.6.6249
     Show Matching CPE(s)
 cpe:/a:cisco:secure_desktop:3.6_base
     Show Matching CPE(s)


Change History

4 change records found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2015-0691
NVD Published Date:
04/16/2015
NVD Last Modified:
01/06/2017