CVE-2015-0691

EPSS 0.71%
Published 17.04.2015 01:59:25
Last modified 12.04.2025 10:46:40
Source psirt@cisco.com
Teams watchlist Login
Open Login

A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Secure Desktop Version3.0_base

Cisco ≫ Secure Desktop Version3.1.0.31

Cisco ≫ Secure Desktop Version3.1.1

Cisco ≫ Secure Desktop Version3.1.1.45

Cisco ≫ Secure Desktop Version3.1_base

Cisco ≫ Secure Desktop Version3.2.0.136

Cisco ≫ Secure Desktop Version3.2.1.103

Cisco ≫ Secure Desktop Version3.2.1.126

Cisco ≫ Secure Desktop Version3.2_base

Cisco ≫ Secure Desktop Version3.3.0.118

Cisco ≫ Secure Desktop Version3.3.0.151

Cisco ≫ Secure Desktop Version3.3_base

Cisco ≫ Secure Desktop Version3.4.0373

Cisco ≫ Secure Desktop Version3.4.1108

Cisco ≫ Secure Desktop Version3.4.2048

Cisco ≫ Secure Desktop Version3.4_base

Cisco ≫ Secure Desktop Version3.5.841

Cisco ≫ Secure Desktop Version3.5.1077

Cisco ≫ Secure Desktop Version3.5.2001

Cisco ≫ Secure Desktop Version3.5.2003

Cisco ≫ Secure Desktop Version3.5.2008

Cisco ≫ Secure Desktop Version3.5_base

Cisco ≫ Secure Desktop Version3.6.181

Cisco ≫ Secure Desktop Version3.6.185

Cisco ≫ Secure Desktop Version3.6.1001

Cisco ≫ Secure Desktop Version3.6.2002

Cisco ≫ Secure Desktop Version3.6.3002

Cisco ≫ Secure Desktop Version3.6.4021

Cisco ≫ Secure Desktop Version3.6.5005

Cisco ≫ Secure Desktop Version3.6.6020

Cisco ≫ Secure Desktop Version3.6.6104

Cisco ≫ Secure Desktop Version3.6.6203

Cisco ≫ Secure Desktop Version3.6.6210

Cisco ≫ Secure Desktop Version3.6.6228

Cisco ≫ Secure Desktop Version3.6.6234

Cisco ≫ Secure Desktop Version3.6.6249

Cisco ≫ Secure Desktop Version3.6_base

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.71%	0.712

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd

Vendor Advisory

Mitigation

http://www.securitytracker.com/id/1032140

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2015-0691

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-0691

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-0691

EUVD