{"api_version":"1","generated_at":"2026-04-23T09:51:10+00:00","cve":"CVE-2015-0660","urls":{"html":"https://cve.report/CVE-2015-0660","api":"https://cve.report/api/cve/CVE-2015-0660.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-0660","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-0660"},"summary":{"title":"CVE-2015-0660","description":"Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123.","state":"PUBLIC","assigner":"psirt@cisco.com","published_at":"2015-03-14 01:59:00","updated_at":"2015-10-28 02:17:00"},"problem_types":["CWE-284"],"metrics":[],"references":[{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0660","name":"20150312 Cisco Virtual TelePresence Server Serial Console Privileged Access","refsource":"CISCO","tags":["Vendor Advisory"],"title":"Cisco Virtual TelePresence Server Serial Console Privileged Access Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1031924","name":"1031924","refsource":"SECTRACK","tags":[],"title":"Cisco Virtual TelePresence Server Serial Console Lets Local Users Gain Root Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-0660","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0660","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"660","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"telepresence_server_software","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"660","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"telepresence_server_software","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@cisco.com","ID":"CVE-2015-0660","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1031924","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1031924"},{"name":"20150312 Cisco Virtual TelePresence Server Serial Console Privileged Access","refsource":"CISCO","url":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0660"}]}},"nvd":{"publishedDate":"2015-03-14 01:59:00","lastModifiedDate":"2015-10-28 02:17:00","problem_types":["CWE-284"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:telepresence_server_software:*:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"660","Ordinal":"77331","Title":"CVE-2015-0660","CVE":"CVE-2015-0660","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"660","Ordinal":"1","NoteData":"Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123.","Type":"Description","Title":null},{"CveYear":"2015","CveId":"660","Ordinal":"2","NoteData":"2015-03-13","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"660","Ordinal":"3","NoteData":"2015-03-17","Type":"Other","Title":"Modified"}]}}}