CVE-2015-0767 — HIGH (7.2) — White Hats Nepal

Vulnerability Description

Cisco Edge 300 software 1.0 and 1.1 on Edge 340 devices allows local users to obtain root privileges via unspecified commands, aka Bug ID CSCur18132.

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Cisco	Edge 340 Firmware	1.0.0
Cisco	Edge 340	All versions

Related Weaknesses (CWE)

CWE-264

References

http://tools.cisco.com/security/center/viewAlert.x?alertId=39187Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=39187Vendor Advisory

FAQ

What is CVE-2015-0767?

CVE-2015-0767 is a vulnerability with a CVSS score of 7.2 (HIGH). Cisco Edge 300 software 1.0 and 1.1 on Edge 340 devices allows local users to obtain root privileges via unspecified commands, aka Bug ID CSCur18132.

How severe is CVE-2015-0767?

CVE-2015-0767 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-0767?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Edge 340 Firmware, Cisco Edge 340.