Vulnerability Details : CVE-2015-4186
The diagnostics subsystem in the administrative web interface on Cisco Virtualization Experience (aka VXC) Client 6215 devices with firmware 11.2(27.4) allows local users to gain privileges for OS command execution via a crafted option value, aka Bug ID CSCug54412.
Products affected by CVE-2015-4186
- cpe:2.3:o:cisco:virtualization_experience_client_6000_series_firmware:11.2\(27.4\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-4186
- 0.04%: probability of exploitation activity in the next 30 days
- ~6%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-4186
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
CWE ids for CVE-2015-4186
- The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-4186
- http://www.securitytracker.com/id/1032583
  Cisco Virtualization Experience Client Input Validation Flaw Lets Local Users Gain Elevated Privileges - SecurityTracker
- http://tools.cisco.com/security/center/viewAlert.x?alertId=39347
  Cisco Virtualization Experience Client 6215 Devices Command Injection Vulnerability (Vendor Advisory)
- http://www.securityfocus.com/bid/75195
  Cisco Virtualization Experience Client 6000 Series Local Arbitrary Command Execution Vulnerability