CVE-2015-0691OS Command Injection in Cisco Secure Desktop

CWE-78OS Command InjectionCWE-2644 documents4 sources
Severity
9.3CRITICALNVD
EPSS
0.7%
top 27.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Secure Desktop
Timeline
PublishedApr 17
Latest updateMay 17

Description

A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDcisco/secure_desktop37 versions+36

🔴Vulnerability Details

2
GHSA
GHSA-7x5j-vqwr-gg77: A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a c2022-05-17
CVEList
CVE-2015-0691: A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a c2015-04-17

📋Vendor Advisories

1
Cisco
Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability2015-04-15
CVE-2015-0691 — OS Command Injection in Cisco | cvebase