Vulnerability Details : CVE-2015-6265
The CLI in Cisco Application Control Engine (ACE) 4700 A5 3.0 and earlier allows local users to bypass intended access restrictions, and read or write to files, by entering an unspecified CLI command with a crafted file as this command's input, aka Bug ID CSCur23662.
Products affected by CVE-2015-6265
- cpe:2.3:h:cisco:application_control_engine_4700:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-6265
0.53%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 65 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-6265
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2015-6265
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-6265
-
http://www.securitytracker.com/id/1033381
Cisco Application Control Engine 4710 Lets Local Users Read and Modify Files on the Target System - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/76491
Cisco Application Control Engine 4700 Series CVE-2015-6265 Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
http://tools.cisco.com/security/center/viewAlert.x?alertId=40666
Cisco ACE 4710 and ACE30 Application Control Engine CLI Privilege Escalation VulnerabilityVendor Advisory
Jump to