CVE-2015-6265

{"id": "CVE-2015-6265", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-08-27T02:59:15.077", "references": [{"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40666", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/76491", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1033381", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40666", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/76491", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1033381", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The CLI in Cisco Application Control Engine (ACE) 4700 A5 3.0 and earlier allows local users to bypass intended access restrictions, and read or write to files, by entering an unspecified CLI command with a crafted file as this command's input, aka Bug ID CSCur23662."}, {"lang": "es", "value": "Vulnerabilidad en la CLI en Cisco Application Control Engine (ACE) 4700 A5 3.0 y versiones anteriores, permite a usuarios locales evadir las restricciones destinadas al acceso y leer o escribir a archivos mediante la inserci\u00f3n de comandos CLI no especificados con un archivo manipulado como entrada de este comando, tambi\u00e9n conocida como Bug ID CSCur23662."}], "lastModified": "2024-11-21T02:34:40.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:application_control_engine_4700:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CACF839-835D-44AD-BDA4-36B8262F9880", "versionEndIncluding": "a5_base_3.0"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}