Details of VAR-201506-0247

ID

VAR-201506-0247

CVE

CVE-2015-4186

TITLE

Cisco Virtualization Experience Client 6215 Managing device firmware Web In the interface OS Vulnerability that can acquire command execution authority

Trust: 0.8

sources: JVNDB: JVNDB-2015-003187

DESCRIPTION

The diagnostics subsystem in the administrative web interface on Cisco Virtualization Experience (aka VXC) Client 6215 devices with firmware 11.2(27.4) allows local users to gain privileges for OS command execution via a crafted option value, aka Bug ID CSCug54412. Cisco Virtualization Experience Client 6000 series devices are prone to a local arbitrary command-execution vulnerability. Local attackers can exploit this issue to execute arbitrary commands on the underlying operating system with root privileges. This issue is being tracked by Cisco bug ID CSCug54412. ,

Trust: 1.98

sources: NVD: CVE-2015-4186 // JVNDB: JVNDB-2015-003187 // BID: 75195 // VULHUB: VHN-82147

AFFECTED PRODUCTS

vendor:	cisco	model:	virtualization experience client 6000 series	scope:	eq	version:	11.2\(27.4\)	Trust: 1.6
vendor:	cisco	model:	virtualization experience client 6000 series	scope:	eq	version:	11.2(27.4)	Trust: 0.8
vendor:	cisco	model:	virtualization experience client 6215	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	virtualization experience client series	scope:	eq	version:	600011.2(27.4)	Trust: 0.3

sources: BID: 75195 // JVNDB: JVNDB-2015-003187 // CNNVD: CNNVD-201506-315 // NVD: CVE-2015-4186

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4186
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-4186
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201506-315
value:	HIGH
Trust: 0.6
VULHUB:	VHN-82147
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-4186
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-82147
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-82147 // JVNDB: JVNDB-2015-003187 // CNNVD: CNNVD-201506-315 // NVD: CVE-2015-4186

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-82147 // JVNDB: JVNDB-2015-003187 // NVD: CVE-2015-4186

THREAT TYPE

local

Trust: 0.9

sources: BID: 75195 // CNNVD: CNNVD-201506-315

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201506-315

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003187

PATCH

title:

39347

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=39347

Trust: 0.8

sources: JVNDB: JVNDB-2015-003187

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4186	Trust: 2.8
db:	BID	id:	75195	Trust: 1.4
db:	SECTRACK	id:	1032583	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-003187	Trust: 0.8
db:	CNNVD	id:	CNNVD-201506-315	Trust: 0.7
db:	VULHUB	id:	VHN-82147	Trust: 0.1

sources: VULHUB: VHN-82147 // BID: 75195 // JVNDB: JVNDB-2015-003187 // CNNVD: CNNVD-201506-315 // NVD: CVE-2015-4186

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39347	Trust: 2.0
url:	http://www.securityfocus.com/bid/75195	Trust: 1.1
url:	http://www.securitytracker.com/id/1032583	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4186	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4186	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps11976/tsd_products_support_series_home.html	Trust: 0.3

sources: VULHUB: VHN-82147 // BID: 75195 // JVNDB: JVNDB-2015-003187 // CNNVD: CNNVD-201506-315 // NVD: CVE-2015-4186

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 75195

SOURCES

db:	VULHUB	id:	VHN-82147
db:	BID	id:	75195
db:	JVNDB	id:	JVNDB-2015-003187
db:	CNNVD	id:	CNNVD-201506-315
db:	NVD	id:	CVE-2015-4186

LAST UPDATE DATE

2025-04-13T23:22:28.121000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-82147	date:	2016-12-07T00:00:00
db:	BID	id:	75195	date:	2015-06-15T00:00:00
db:	JVNDB	id:	JVNDB-2015-003187	date:	2015-06-19T00:00:00
db:	CNNVD	id:	CNNVD-201506-315	date:	2015-06-29T00:00:00
db:	NVD	id:	CVE-2015-4186	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-82147	date:	2015-06-17T00:00:00
db:	BID	id:	75195	date:	2015-06-15T00:00:00
db:	JVNDB	id:	JVNDB-2015-003187	date:	2015-06-19T00:00:00
db:	CNNVD	id:	CNNVD-201506-315	date:	2015-06-18T00:00:00
db:	NVD	id:	CVE-2015-4186	date:	2015-06-17T10:59:04.883