← Back

CVE-2015-0691

nvd nist
Published: Apr 17, 2015Modified: May 6, 2026

JSON object

Loading...
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD

Description

A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.

Affected (37)

Cisco
1 product
Secure Desktop
Configuration A
37 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Secure Desktop
Version 3.0_base
Secure Desktop
Version 3.1.0.31
Secure Desktop
Version 3.1.1.45
Secure Desktop
Version 3.1.1
Secure Desktop
Version 3.1_base
Secure Desktop
Version 3.2.0.136
Secure Desktop
Version 3.2.1.103
Secure Desktop
Version 3.2.1.126
Secure Desktop
Version 3.2_base
Secure Desktop
Version 3.3.0.118
Secure Desktop
Version 3.3.0.151
Secure Desktop
Version 3.3_base
Secure Desktop
Version 3.4.0373
Secure Desktop
Version 3.4.1108
Secure Desktop
Version 3.4.2048
Secure Desktop
Version 3.4_base
Secure Desktop
Version 3.5.1077
Secure Desktop
Version 3.5.2001
Secure Desktop
Version 3.5.2003
Secure Desktop
Version 3.5.2008
Secure Desktop
Version 3.5.841
Secure Desktop
Version 3.5_base
Secure Desktop
Version 3.6.1001
Secure Desktop
Version 3.6.181
Secure Desktop
Version 3.6.185
Secure Desktop
Version 3.6.2002
Secure Desktop
Version 3.6.3002
Secure Desktop
Version 3.6.4021
Secure Desktop
Version 3.6.5005
Secure Desktop
Version 3.6.6020
Secure Desktop
Version 3.6.6104
Secure Desktop
Version 3.6.6203
Secure Desktop
Version 3.6.6210
Secure Desktop
Version 3.6.6228
Secure Desktop
Version 3.6.6234
Secure Desktop
Version 3.6.6249
Secure Desktop
Version 3.6_base

Related CWEs

CWE-264
CWE-264
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

Source: psirt@cisco.com
MitigationVendor Advisory
Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.