Vulnerability Description
Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Telepresence Server Software | All versions |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0660Vendor Advisory
- http://www.securitytracker.com/id/1031924
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0660Vendor Advisory
- http://www.securitytracker.com/id/1031924
FAQ
What is CVE-2015-0660?
CVE-2015-0660 is a vulnerability with a CVSS score of 7.2 (HIGH). Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller adminis...
How severe is CVE-2015-0660?
CVE-2015-0660 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-0660?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Telepresence Server Software.