CVE-2015-0660
First published: Sat Mar 14 2015(Updated: )
Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco TelePresence Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0660?
CVE-2015-0660 is rated as a high-severity vulnerability due to its potential for local users to execute arbitrary OS commands as root.
How do I fix CVE-2015-0660?
To fix CVE-2015-0660, update to the latest version of Cisco TelePresence Server Software that addresses this vulnerability.
Who is affected by CVE-2015-0660?
CVE-2015-0660 affects users of Cisco TelePresence Server Software with access to the serial port.
What kind of attack is possible with CVE-2015-0660?
An attacker can leverage vSphere controller administrative privileges to execute arbitrary OS commands on the vulnerable system.
Is CVE-2015-0660 related to physical access vulnerabilities?
Yes, CVE-2015-0660 allows local users with physical access to the device to exploit the vulnerability.
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco telepresence server