CVE-2015-0660

Published: Mar 14, 2015Modified: May 6, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123.

Affected (1)

Products: Cisco: Telepresence Server Software

Cisco

1 product

Telepresence Server Software

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Telepresence Server Software	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0660

Source: psirt@cisco.com

Vendor Advisory

http://www.securitytracker.com/id/1031924

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0660

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1031924

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.