Vulnerability Details : CVE-2015-4196
Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546.
Products affected by CVE-2015-4196
- cpe:2.3:a:cisco:unified_communications_domain_manager:4.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_domain_manager:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_domain_manager:4.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_domain_manager:4.4.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-4196
0.51%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 64 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-4196
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2015-4196
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-4196
-
http://www.securitytracker.com/id/1032774
Cisco Unified Communications Domain Manager Default Privileged Account Password Lets Remote Users Gain Root Access - SecurityTrackerThird Party Advisory;VDB Entry
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150701-cucdm
Cisco Unified Communications Domain Manager Default Static Privileged Account CredentialsVendor Advisory
Jump to