CVE-2015-0660
Summary
| CVE | CVE-2015-0660 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-03-14 01:59:00 UTC |
| Updated | 2015-10-28 02:17:00 UTC |
| Description | Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123. |
Risk And Classification
Problem Types: CWE-284
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Telepresence Server Software | All | All | All | All |
| Application | Cisco | Telepresence Server Software | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Virtual TelePresence Server Serial Console Privileged Access Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| Cisco Virtual TelePresence Server Serial Console Lets Local Users Gain Root Privileges - SecurityTracker | SECTRACK | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.