CVE-2015-0739

CWE-20 — Improper Input Validation5 documents5 sources

Severity

4.0MEDIUM

EPSS

0.3%

top 48.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firesight System Software

Timeline

PublishedMay 19

Latest updateMay 17

Description

The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/firesight_system_software5.3.0

🔴Vulnerability Details

GHSA

GHSA-96qq-q3wg-46mx: The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5↗2022-05-17

▶

OSV

libssh vulnerabilities↗2016-02-23

▶

CVEList

CVE-2015-0739: The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5↗2015-05-19

▶

📋Vendor Advisories

Cisco

Cisco Sourcefire 3D System Lights-Out Management Arbitrary File Upload Vulnerability↗2015-05-18

▶