Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0660

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2015-0660
Last Modified 18 Mar 2015 10:00:22
Published 13 Mar 2015 09:59:09
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2015-0660

Summary

Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123.

Vulnerable Systems

Application

  • Cisco Telepresence Server Software


References

CISCO - 20150312 Cisco Virtual TelePresence Server Serial Console Privileged Access

SECTRACK - 1031924


Last Updated: 27 May 2016 11:08:06