Details of VAR-201502-0120

ID

VAR-201502-0120

CVE

CVE-2015-0584

TITLE

Cisco Desktop Collaboration Experience DX650 Endpoint image-upgrade Any in the implementation of OS Command execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-001572

DESCRIPTION

The image-upgrade implementation on Cisco Desktop Collaboration Experience (aka Collaboration Desk Experience or DX) DX650 endpoints allows local users to execute arbitrary OS commands via an unspecified parameter, aka Bug ID CSCus38947. Vendors have confirmed this vulnerability Bug ID CSCus38947 It is released as.By the local user via any unspecified parameters OS The command may be executed. The basic system is Android. The Cisco Desktop Collaboration Experience DX650 has a command injection vulnerability that allows an attacker to exploit a vulnerability to inject shell commands and execute it because the image update feature does not adequately filter input during the upgrade. Successfully exploiting this issue may allow an attacker to execute arbitrary commands in context of the affected application. This issue is being tracked by Cisco bug ID CSCus38947

Trust: 2.52

sources: NVD: CVE-2015-0584 // JVNDB: JVNDB-2015-001572 // CNVD: CNVD-2015-01222 // BID: 72696 // VULHUB: VHN-78530

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-01222

AFFECTED PRODUCTS

vendor:	cisco	model:	desktop collaboration experience dx650	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	desktop collaboration experience dx650	scope:	eq	version:	10.2	Trust: 0.8
vendor:	cisco	model:	desktop collaboration experience dx650	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2015-01222 // JVNDB: JVNDB-2015-001572 // CNNVD: CNNVD-201502-399 // NVD: CVE-2015-0584

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0584
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-0584
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-01222
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201502-399
value:	HIGH
Trust: 0.6
VULHUB:	VHN-78530
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-0584
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-01222
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-78530
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-01222 // VULHUB: VHN-78530 // JVNDB: JVNDB-2015-001572 // CNNVD: CNNVD-201502-399 // NVD: CVE-2015-0584

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-78530 // JVNDB: JVNDB-2015-001572 // NVD: CVE-2015-0584

THREAT TYPE

local

Trust: 0.9

sources: BID: 72696 // CNNVD: CNNVD-201502-399

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201502-399

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001572

PATCH

title:	Cisco Collaboration Desk Experience Endpoints Command Injection Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0584	Trust: 0.8
title:	37534	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=37534	Trust: 0.8
title:	Cisco Desktop Collaboration Experience DX650 Command Injection Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/55513	Trust: 0.6

sources: CNVD: CNVD-2015-01222 // JVNDB: JVNDB-2015-001572

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0584	Trust: 3.4
db:	BID	id:	72696	Trust: 2.0
db:	JVNDB	id:	JVNDB-2015-001572	Trust: 0.8
db:	CNNVD	id:	CNNVD-201502-399	Trust: 0.7
db:	CNVD	id:	CNVD-2015-01222	Trust: 0.6
db:	VULHUB	id:	VHN-78530	Trust: 0.1

sources: CNVD: CNVD-2015-01222 // VULHUB: VHN-78530 // BID: 72696 // JVNDB: JVNDB-2015-001572 // CNNVD: CNNVD-201502-399 // NVD: CVE-2015-0584

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0584	Trust: 2.3
url:	http://www.securityfocus.com/bid/72696	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0584	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0584	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-01222 // VULHUB: VHN-78530 // BID: 72696 // JVNDB: JVNDB-2015-001572 // CNNVD: CNNVD-201502-399 // NVD: CVE-2015-0584

CREDITS

Cisco

Trust: 0.3

sources: BID: 72696

SOURCES

db:	CNVD	id:	CNVD-2015-01222
db:	VULHUB	id:	VHN-78530
db:	BID	id:	72696
db:	JVNDB	id:	JVNDB-2015-001572
db:	CNNVD	id:	CNNVD-201502-399
db:	NVD	id:	CVE-2015-0584

LAST UPDATE DATE

2025-04-13T23:21:18.687000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-01222	date:	2015-02-27T00:00:00
db:	VULHUB	id:	VHN-78530	date:	2015-11-27T00:00:00
db:	BID	id:	72696	date:	2015-03-19T07:31:00
db:	JVNDB	id:	JVNDB-2015-001572	date:	2015-02-24T00:00:00
db:	CNNVD	id:	CNNVD-201502-399	date:	2015-03-02T00:00:00
db:	NVD	id:	CVE-2015-0584	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-01222	date:	2015-02-27T00:00:00
db:	VULHUB	id:	VHN-78530	date:	2015-02-20T00:00:00
db:	BID	id:	72696	date:	2015-02-19T00:00:00
db:	JVNDB	id:	JVNDB-2015-001572	date:	2015-02-24T00:00:00
db:	CNNVD	id:	CNNVD-201502-399	date:	2015-02-19T00:00:00
db:	NVD	id:	CVE-2015-0584	date:	2015-02-20T02:59:00.067