Vulnerability Description
The CLI in Cisco Application Control Engine (ACE) 4700 A5 3.0 and earlier allows local users to bypass intended access restrictions, and read or write to files, by entering an unspecified CLI command with a crafted file as this command's input, aka Bug ID CSCur23662.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Application Control Engine 4700 | <= a5_base_3.0 |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/viewAlert.x?alertId=40666Vendor Advisory
- http://www.securityfocus.com/bid/76491Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1033381Third Party AdvisoryVDB Entry
- http://tools.cisco.com/security/center/viewAlert.x?alertId=40666Vendor Advisory
- http://www.securityfocus.com/bid/76491Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1033381Third Party AdvisoryVDB Entry
FAQ
What is CVE-2015-6265?
CVE-2015-6265 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The CLI in Cisco Application Control Engine (ACE) 4700 A5 3.0 and earlier allows local users to bypass intended access restrictions, and read or write to files, by entering an unspecified CLI command ...
How severe is CVE-2015-6265?
CVE-2015-6265 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-6265?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Application Control Engine 4700.