PT-2015-1326 · Cisco · Cisco Virtualization Experience (Vxc) Client 6215

Published

2015-06-17

Updated

2016-12-07

CVE-2015-4186

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco Virtualization Experience (VXC) Client 6215 version 11.2(27.4)

Description The diagnostics subsystem in the administrative web interface allows local users to gain privileges for OS command execution via a crafted option value. This issue exists due to the lack of neutralization of special elements used in the operating system command. Exploitation of this issue may allow an attacker, acting locally, to obtain privileges that permit execution of operating system commands by modifying certain values.

Recommendations For Cisco Virtualization Experience (VXC) Client 6215 version 11.2(27.4), at the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

BDU:2015-10397

CVE-2015-4186

Affected Products

Cisco Virtualization Experience (Vxc) Client 6215

PT-2015-1326 · Cisco · Cisco Virtualization Experience (Vxc) Client 6215

CVE-2015-4186

Weakness Enumeration

Related Identifiers

Affected Products

References · 5