CVE-2015-6335: Cisco Firesight System Software vulnerability

CWE-264 | 4 documents | 4 sources
Severity: 9.0 CRITICAL (NVD)
EPSS: 0.3% (top 43.08%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 25
Latest update: May 17

Description

The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 8.0 | Impact: 10.0

Affected Packages (1 package)

NVD: cisco/firesight_system_software 5.3.1.7, 5.4.0.4, 6.0.0 (+2)

🔴 Vulnerability Details (2)

GHSA
GHSA-vmwq-5qfw-x847: The policy implementation in Cisco FireSIGHT Management Center 5 (2022-05-17)
CVEList
CVE-2015-6335: The policy implementation in Cisco FireSIGHT Management Center 5 (2015-10-25)

📋 Vendor Advisories (1)

Cisco
Cisco FireSIGHT Management Center Policy Code for VMware Privilege Escalation Vulnerability (2015-10-19)