Details of VAR-201508-0092

ID

VAR-201508-0092

CVE

CVE-2015-6265

TITLE

Cisco ACE 4700 series Application Control Engine Appliance CLI Vulnerable to access restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2015-004471

DESCRIPTION

The CLI in Cisco Application Control Engine (ACE) 4700 A5 3.0 and earlier allows local users to bypass intended access restrictions, and read or write to files, by entering an unspecified CLI command with a crafted file as this command's input, aka Bug ID CSCur23662. The Cisco Application Control Engine 4700 A5 is a next-generation load balancing and application delivery solution for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers. A local attacker may exploit this issue to gain elevated system privileges on the device. This issue is being tracked by Cisco Bug ID CSCur23662

Trust: 2.52

sources: NVD: CVE-2015-6265 // JVNDB: JVNDB-2015-004471 // CNVD: CNVD-2015-05781 // BID: 76491 // VULHUB: VHN-84226

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-05781

AFFECTED PRODUCTS

vendor:	cisco	model:	application control engine 4700	scope:	lte	version:	a5_base_3.0	Trust: 1.0
vendor:	cisco	model:	ace 4700 series application control engine the appliance software	scope:	eq	version:	a5 base	Trust: 0.8
vendor:	cisco	model:	ace 4700 series application control engine the appliance software	scope:	eq	version:	3.0	Trust: 0.8
vendor:	cisco	model:	application control engine <=a5	scope:	eq	version:	47003.0	Trust: 0.6
vendor:	cisco	model:	application control engine 4700	scope:	eq	version:	a5_base_3.0	Trust: 0.6

sources: CNVD: CNVD-2015-05781 // JVNDB: JVNDB-2015-004471 // CNNVD: CNNVD-201508-558 // NVD: CVE-2015-6265

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6265
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6265
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-05781
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201508-558
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-84226
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6265
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-05781
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-84226
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-05781 // VULHUB: VHN-84226 // JVNDB: JVNDB-2015-004471 // CNNVD: CNNVD-201508-558 // NVD: CVE-2015-6265

PROBLEMTYPE DATA

problemtype:	CWE-264	Trust: 1.1
problemtype:	CWE-79	Trust: 0.8

sources: VULHUB: VHN-84226 // JVNDB: JVNDB-2015-004471 // NVD: CVE-2015-6265

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-558

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201508-558

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004471

PATCH

title:	40666	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=40666	Trust: 0.8
title:	Cisco Application Control Engine 4700 A5 Security Bypass Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/63331	Trust: 0.6

sources: CNVD: CNVD-2015-05781 // JVNDB: JVNDB-2015-004471

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6265	Trust: 3.4
db:	BID	id:	76491	Trust: 1.4
db:	SECTRACK	id:	1033381	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-004471	Trust: 0.8
db:	CNNVD	id:	CNNVD-201508-558	Trust: 0.7
db:	CNVD	id:	CNVD-2015-05781	Trust: 0.6
db:	VULHUB	id:	VHN-84226	Trust: 0.1

sources: CNVD: CNVD-2015-05781 // VULHUB: VHN-84226 // BID: 76491 // JVNDB: JVNDB-2015-004471 // CNNVD: CNNVD-201508-558 // NVD: CVE-2015-6265

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=40666	Trust: 2.3
url:	http://www.securityfocus.com/bid/76491	Trust: 1.1
url:	http://www.securitytracker.com/id/1033381	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6265	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6265	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-05781 // VULHUB: VHN-84226 // BID: 76491 // JVNDB: JVNDB-2015-004471 // CNNVD: CNNVD-201508-558 // NVD: CVE-2015-6265

CREDITS

Jens Krabbenhoeft of Rauscher networX.

Trust: 0.3

sources: BID: 76491

SOURCES

db:	CNVD	id:	CNVD-2015-05781
db:	VULHUB	id:	VHN-84226
db:	BID	id:	76491
db:	JVNDB	id:	JVNDB-2015-004471
db:	CNNVD	id:	CNNVD-201508-558
db:	NVD	id:	CVE-2015-6265

LAST UPDATE DATE

2025-04-13T23:39:06.012000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-05781	date:	2015-09-01T00:00:00
db:	VULHUB	id:	VHN-84226	date:	2017-01-04T00:00:00
db:	BID	id:	76491	date:	2015-10-26T16:22:00
db:	JVNDB	id:	JVNDB-2015-004471	date:	2015-08-28T00:00:00
db:	CNNVD	id:	CNNVD-201508-558	date:	2015-09-10T00:00:00
db:	NVD	id:	CVE-2015-6265	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-05781	date:	2015-09-01T00:00:00
db:	VULHUB	id:	VHN-84226	date:	2015-08-27T00:00:00
db:	BID	id:	76491	date:	2015-08-26T00:00:00
db:	JVNDB	id:	JVNDB-2015-004471	date:	2015-08-28T00:00:00
db:	CNNVD	id:	CNNVD-201508-558	date:	2015-08-27T00:00:00
db:	NVD	id:	CVE-2015-6265	date:	2015-08-27T02:59:15.077