Vulnerability Details : CVE-2015-6335
The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839.
Products affected by CVE-2015-6335
- cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firesight_system_software:5.4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firesight_system_software:5.3.1.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-6335
- EPSS score: 0.16% (probability of exploitation activity in the next 30 days)
- Percentile: ~51% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-6335
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST | |
CWE ids for CVE-2015-6335
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-6335
- http://www.securitytracker.com/id/1033873
  Cisco FireSIGHT Management Center for VMware Lets Remote Authenticated Users Gain Elevated Privileges - SecurityTracker (Third Party Advisory; VDB Entry)
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-fmc
  Cisco FireSIGHT Management Center Policy Code for VMware Privilege Escalation Vulnerability (Vendor Advisory)