CVE-2015-4282

CWE-2644 documents4 sources

Severity

6.9MEDIUM

EPSS

0.1%

top 75.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Mobility Services Engine

Timeline

PublishedNov 6

Latest updateMay 17

Description

Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/mobility_services_engine14 versions+13

🔴Vulnerability Details

GHSA

GHSA-v76g-4r7v-g6m6: Cisco Mobility Services Engine (MSE) through 8↗2022-05-17

▶

CVEList

CVE-2015-4282: Cisco Mobility Services Engine (MSE) through 8↗2015-11-06

▶

📋Vendor Advisories

Cisco

Cisco Mobility Services Engine Privilege Escalation Vulnerability↗2015-11-05

▶