CVE-2015-4282
published 2015-11-06CVE-2015-4282: Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges…
PriorityP420medium6.9CVSS 2.0
AVLACMAuNCCICAC
EPSS
0.39%
30.8th percentile
Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | mobility_services_engine | — | — |
| cisco | mobility_services_engine | — | — |
| cisco | mobility_services_engine | — | — |
| cisco | mobility_services_engine | — | — |
| cisco | mobility_services_engine | — | — |
| cisco | mobility_services_engine | — | — |
| cisco | mobility_services_engine | — | — |
| cisco | mobility_services_engine | — | — |
| cisco | mobility_services_engine | — | — |
| cisco | mobility_services_engine | — | — |
| cisco | mobility_services_engine | — | — |
| cisco | mobility_services_engine | — | — |
| cisco | mobility_services_engine | — | — |
| cisco | mobility_services_engine | — | — |
| cisco | mobility_services_engine | — | — |
CVSS provenance
nvdv2.06.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
vendor_cisco6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v76g-4r7v-g6m6: Cisco Mobility Services Engine (MSE) through 8
ghsa_unreviewed·2022-05-17
CVE-2015-4282 [MEDIUM] GHSA-v76g-4r7v-g6m6: Cisco Mobility Services Engine (MSE) through 8
Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504.
Cisco
Cisco Mobility Services Engine Privilege Escalation Vulnerability
vendor_cisco·2015-11-05·CVSS 6.8
CVE-2015-4282 [MEDIUM] CWE-264 Cisco Mobility Services Engine Privilege Escalation Vulnerability
Cisco Mobility Services Engine Privilege Escalation Vulnerability
A vulnerability in the installation procedure of the Cisco Mobility Services Engine (MSE) appliance could allow an authenticated, local attacker to escalate to the root level.
The vulnerability is due to incorrect installation and permissions settings on binary files during the MSE physical or virtual appliance install procedure. An attacker could exploit this vulnerability by logging into the device and escalating their privileges. A successful exploit could allow the attacker to acquire root-level privileges and take full control of the device.
Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.
This advisory is available at the following link:
Cisco
Cisco Mobility Services Engine Privilege Escalation Vulnerability
vendor_cisco
CVE-2015-4282 Cisco Mobility Services Engine Privilege Escalation Vulnerability
CVE-2015-4282: Cisco Mobility Services Engine Privilege Escalation Vulnerability
A vulnerability in the installation procedure of the Cisco Mobility Services Engine (MSE) appliance could allow an authenticated, local attacker to escalate to the root level. The vulnerability is due to incorrect installation and permissions settings on binary files during the MSE physical or virtual appliance install procedure. An attacker could exploit this vulnerability by logging into the device and escalating their privileges. A successful exploit could allow the attacker to acquire root -level privileges and take full control of the device. Cisco has released software updates that address this vulnerability. There are no
CWE: CWE-264, CWE-264
Bug IDs: CSCuv40504
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-privmsehttp://www.securityfocus.com/bid/77435http://www.securitytracker.com/id/1034066http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-privmsehttp://www.securityfocus.com/bid/77435http://www.securitytracker.com/id/1034066
2015-11-06
Published