VAR-201502-0120
Vulnerability from variot - Updated: 2023-12-18 12:45The image-upgrade implementation on Cisco Desktop Collaboration Experience (aka Collaboration Desk Experience or DX) DX650 endpoints allows local users to execute arbitrary OS commands via an unspecified parameter, aka Bug ID CSCus38947. Vendors have confirmed this vulnerability Bug ID CSCus38947 It is released as.By the local user via any unspecified parameters OS The command may be executed. The basic system is Android. The Cisco Desktop Collaboration Experience DX650 has a command injection vulnerability that allows an attacker to exploit a vulnerability to inject shell commands and execute it because the image update feature does not adequately filter input during the upgrade. Successfully exploiting this issue may allow an attacker to execute arbitrary commands in context of the affected application. This issue is being tracked by Cisco bug ID CSCus38947
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0120",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "desktop collaboration experience dx650",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "desktop collaboration experience dx650",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.2"
},
{
"model": "desktop collaboration experience dx650",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01222"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001572"
},
{
"db": "NVD",
"id": "CVE-2015-0584"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-399"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:desktop_collaboration_experience_dx650:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0584"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "72696"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0584",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-0584",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.5,
"id": "CNVD-2015-01222",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-78530",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0584",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-01222",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-399",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-78530",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01222"
},
{
"db": "VULHUB",
"id": "VHN-78530"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001572"
},
{
"db": "NVD",
"id": "CVE-2015-0584"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-399"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The image-upgrade implementation on Cisco Desktop Collaboration Experience (aka Collaboration Desk Experience or DX) DX650 endpoints allows local users to execute arbitrary OS commands via an unspecified parameter, aka Bug ID CSCus38947. Vendors have confirmed this vulnerability Bug ID CSCus38947 It is released as.By the local user via any unspecified parameters OS The command may be executed. The basic system is Android. The Cisco Desktop Collaboration Experience DX650 has a command injection vulnerability that allows an attacker to exploit a vulnerability to inject shell commands and execute it because the image update feature does not adequately filter input during the upgrade. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary commands in context of the affected application. \nThis issue is being tracked by Cisco bug ID CSCus38947",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0584"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001572"
},
{
"db": "CNVD",
"id": "CNVD-2015-01222"
},
{
"db": "BID",
"id": "72696"
},
{
"db": "VULHUB",
"id": "VHN-78530"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0584",
"trust": 3.4
},
{
"db": "BID",
"id": "72696",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001572",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201502-399",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-01222",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-78530",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01222"
},
{
"db": "VULHUB",
"id": "VHN-78530"
},
{
"db": "BID",
"id": "72696"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001572"
},
{
"db": "NVD",
"id": "CVE-2015-0584"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-399"
}
]
},
"id": "VAR-201502-0120",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01222"
},
{
"db": "VULHUB",
"id": "VHN-78530"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01222"
}
]
},
"last_update_date": "2023-12-18T12:45:07.951000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco Collaboration Desk Experience Endpoints Command Injection Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0584"
},
{
"title": "37534",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37534"
},
{
"title": "Cisco Desktop Collaboration Experience DX650 Command Injection Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/55513"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01222"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001572"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78530"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001572"
},
{
"db": "NVD",
"id": "CVE-2015-0584"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0584"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/72696"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0584"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0584"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01222"
},
{
"db": "VULHUB",
"id": "VHN-78530"
},
{
"db": "BID",
"id": "72696"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001572"
},
{
"db": "NVD",
"id": "CVE-2015-0584"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-399"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-01222"
},
{
"db": "VULHUB",
"id": "VHN-78530"
},
{
"db": "BID",
"id": "72696"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001572"
},
{
"db": "NVD",
"id": "CVE-2015-0584"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-399"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01222"
},
{
"date": "2015-02-20T00:00:00",
"db": "VULHUB",
"id": "VHN-78530"
},
{
"date": "2015-02-19T00:00:00",
"db": "BID",
"id": "72696"
},
{
"date": "2015-02-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001572"
},
{
"date": "2015-02-20T02:59:00.067000",
"db": "NVD",
"id": "CVE-2015-0584"
},
{
"date": "2015-02-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-399"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01222"
},
{
"date": "2015-11-27T00:00:00",
"db": "VULHUB",
"id": "VHN-78530"
},
{
"date": "2015-03-19T07:31:00",
"db": "BID",
"id": "72696"
},
{
"date": "2015-02-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001572"
},
{
"date": "2015-11-27T19:17:57.280000",
"db": "NVD",
"id": "CVE-2015-0584"
},
{
"date": "2015-03-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-399"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "72696"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-399"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Desktop Collaboration Experience DX650 Endpoint image-upgrade Any in the implementation of OS Command execution vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001572"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-399"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…