CVE-2015-6335 — HIGH (9.0) — White Hats Nepal

Vulnerability Description

The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839.

CVSS Score

9.0

HIGH

AV:N/AC:L/Au:S/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Cisco	Firesight System Software	5.3.1.7

Related Weaknesses (CWE)

CWE-264

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
http://www.securitytracker.com/id/1033873Third Party AdvisoryVDB Entry
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
http://www.securitytracker.com/id/1033873Third Party AdvisoryVDB Entry

FAQ

What is CVE-2015-6335?

CVE-2015-6335 is a vulnerability with a CVSS score of 9.0 (HIGH). The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linu...

How severe is CVE-2015-6335?

CVE-2015-6335 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-6335?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Firesight System Software.