Command Injection Vulnerability in Cisco Virtualization Experience Client 6215
CVE-2015-4186

Currently unrated

Key Information:

Vendor
Cisco
Status
Virtualization Experience Client 6000 Series Firmware
Vendor
CVE Published:
17 June 2015

Summary

A command injection vulnerability existing in the administrative web interface of Cisco's Virtualization Experience Client 6215 can be exploited by local users to gain elevated privileges, allowing execution of arbitrary operating system commands. This occurs due to the mishandling of option values within the diagnostics subsystem. Immediate action is advised to mitigate the risk associated with this vulnerability.

References

http://www.securityfocus.com/bid/75195
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1032583
vdb-entryx_refsource_SECTRACK
http://tools.cisco.com/security/center/viewAlert.x?alertI...
vendor-advisoryx_refsource_CISCO

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.