Details of VAR-201506-0159

ID

VAR-201506-0159

CVE

CVE-2015-0767

TITLE

Cisco Edge 340 Device Cisco Edge 300 Vulnerability in software with root privileges

Trust: 0.8

sources: JVNDB: JVNDB-2015-002958

DESCRIPTION

Cisco Edge 300 software 1.0 and 1.1 on Edge 340 devices allows local users to obtain root privileges via unspecified commands, aka Bug ID CSCur18132. Successful exploits will result in the complete compromise of affected computers. This issue is being tracked by Cisco Bug ID CSCur18132. The former is a digital signage multimedia player device; the latter is a 300 series intelligent open access platform integrating wireless and switch functions

Trust: 2.61

sources: NVD: CVE-2015-0767 // JVNDB: JVNDB-2015-002958 // CNVD: CNVD-2015-03752 // BID: 75027 // VULHUB: VHN-78713 // VULMON: CVE-2015-0767

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-03752

AFFECTED PRODUCTS

vendor:	cisco	model:	edge 340	scope:	eq	version:	1.0.0	Trust: 1.6
vendor:	cisco	model:	edge 340	scope:	eq	version:	1.1.0	Trust: 1.6
vendor:	cisco	model:	edge 340	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	edge 340	scope:	eq	version:	1.0 (cisco edge 300 series software )	Trust: 0.8
vendor:	cisco	model:	edge 340	scope:	eq	version:	1.1 (cisco edge 300 series software )	Trust: 0.8
vendor:	cisco	model:	edge series	scope:	eq	version:	3001.0.0	Trust: 0.6
vendor:	cisco	model:	edge series	scope:	eq	version:	3001.1.0	Trust: 0.6
vendor:	cisco	model:	edge series	scope:	eq	version:	3400	Trust: 0.3
vendor:	cisco	model:	edge series	scope:	eq	version:	3001.1	Trust: 0.3
vendor:	cisco	model:	edge series	scope:	eq	version:	3001.0	Trust: 0.3

sources: CNVD: CNVD-2015-03752 // BID: 75027 // JVNDB: JVNDB-2015-002958 // CNNVD: CNNVD-201506-098 // NVD: CVE-2015-0767

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0767
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-0767
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-03752
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201506-098
value:	HIGH
Trust: 0.6
VULHUB:	VHN-78713
value:	HIGH
Trust: 0.1
VULMON:	CVE-2015-0767
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-0767
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2015-03752
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-78713
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-03752 // VULHUB: VHN-78713 // VULMON: CVE-2015-0767 // JVNDB: JVNDB-2015-002958 // CNNVD: CNNVD-201506-098 // NVD: CVE-2015-0767

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-78713 // JVNDB: JVNDB-2015-002958 // NVD: CVE-2015-0767

THREAT TYPE

local

Trust: 0.9

sources: BID: 75027 // CNNVD: CNNVD-201506-098

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201506-098

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002958

PATCH

title:	39187	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=39187	Trust: 0.8
title:	Patch for Cisco Edge 300/340 Series Local Privilege Escalation Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/59580	Trust: 0.6
title:	Cisco: Cisco Edge 340 Privilege Escalation Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20150605-CVE-2015-0767	Trust: 0.1

sources: CNVD: CNVD-2015-03752 // VULMON: CVE-2015-0767 // JVNDB: JVNDB-2015-002958

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0767	Trust: 3.5
db:	BID	id:	75027	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-002958	Trust: 0.8
db:	CNNVD	id:	CNNVD-201506-098	Trust: 0.7
db:	CNVD	id:	CNVD-2015-03752	Trust: 0.6
db:	VULHUB	id:	VHN-78713	Trust: 0.1
db:	VULMON	id:	CVE-2015-0767	Trust: 0.1

sources: CNVD: CNVD-2015-03752 // VULHUB: VHN-78713 // VULMON: CVE-2015-0767 // BID: 75027 // JVNDB: JVNDB-2015-002958 // CNNVD: CNNVD-201506-098 // NVD: CVE-2015-0767

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39187	Trust: 2.1
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0767	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0767	Trust: 0.8
url:	http://www.securityfocus.com/bid/75027	Trust: 0.7
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/264.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150605-cve-2015-0767	Trust: 0.1

sources: CNVD: CNVD-2015-03752 // VULHUB: VHN-78713 // VULMON: CVE-2015-0767 // BID: 75027 // JVNDB: JVNDB-2015-002958 // CNNVD: CNNVD-201506-098 // NVD: CVE-2015-0767

CREDITS

Cisco

Trust: 0.3

sources: BID: 75027

SOURCES

db:	CNVD	id:	CNVD-2015-03752
db:	VULHUB	id:	VHN-78713
db:	VULMON	id:	CVE-2015-0767
db:	BID	id:	75027
db:	JVNDB	id:	JVNDB-2015-002958
db:	CNNVD	id:	CNNVD-201506-098
db:	NVD	id:	CVE-2015-0767

LAST UPDATE DATE

2025-04-12T23:36:56.013000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-03752	date:	2015-06-12T00:00:00
db:	VULHUB	id:	VHN-78713	date:	2015-06-08T00:00:00
db:	VULMON	id:	CVE-2015-0767	date:	2015-06-08T00:00:00
db:	BID	id:	75027	date:	2015-06-05T00:00:00
db:	JVNDB	id:	JVNDB-2015-002958	date:	2015-06-09T00:00:00
db:	CNNVD	id:	CNNVD-201506-098	date:	2015-06-10T00:00:00
db:	NVD	id:	CVE-2015-0767	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-03752	date:	2015-06-12T00:00:00
db:	VULHUB	id:	VHN-78713	date:	2015-06-07T00:00:00
db:	VULMON	id:	CVE-2015-0767	date:	2015-06-07T00:00:00
db:	BID	id:	75027	date:	2015-06-05T00:00:00
db:	JVNDB	id:	JVNDB-2015-002958	date:	2015-06-09T00:00:00
db:	CNNVD	id:	CNNVD-201506-098	date:	2015-06-08T00:00:00
db:	NVD	id:	CVE-2015-0767	date:	2015-06-07T18:59:04.577