CVE-2015-4282 - OpenCVE

Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Mobility Services Engine

Configuration 1 [-]

OR	cpe:2.3:a:cisco:mobility_services_engine:5.1_base:::::::*
	cpe:2.3:a:cisco:mobility_services_engine:5.2_base:::::::*
	cpe:2.3:a:cisco:mobility_services_engine:6.0_base:::::::*
	cpe:2.3:a:cisco:mobility_services_engine:7.0_base:::::::*
	cpe:2.3:a:cisco:mobility_services_engine:7.4.100.0:::::::*
	cpe:2.3:a:cisco:mobility_services_engine:7.4.110.0:::::::*
	cpe:2.3:a:cisco:mobility_services_engine:7.4.121.0:::::::*
	cpe:2.3:a:cisco:mobility_services_engine:7.4_base:::::::*
	cpe:2.3:a:cisco:mobility_services_engine:7.5.102.101:::::::*
	cpe:2.3:a:cisco:mobility_services_engine:7.6.100.0:::::::*
	cpe:2.3:a:cisco:mobility_services_engine:7.6.120.0:::::::*
	cpe:2.3:a:cisco:mobility_services_engine:7.6.132.0:::::::*
	cpe:2.3:a:cisco:mobility_services_engine:8.0\(110.0\):::::::*
	cpe:2.3:a:cisco:mobility_services_engine:8.0_base:::::::*

No data.

References

Link	Providers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-privmse
http://www.securityfocus.com/bid/77435
http://www.securitytracker.com/id/1034066

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2015-11-06T11:00:00

Updated: 2024-08-06T06:11:12.193Z

Reserved: 2015-06-04T00:00:00

Link: CVE-2015-4282

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2015-11-06T11:59:00.120

Modified: 2017-01-06T16:55:48.363

Link: CVE-2015-4282

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-11-04T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-04T10:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20151104 Cisco Mobility Services Engine Privilege Escalation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-privmse"}, {"name": "1034066", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034066"}, {"name": "77435", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/77435"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-4282", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20151104 Cisco Mobility Services Engine Privilege Escalation Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-privmse"}, {"name": "1034066", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034066"}, {"name": "77435", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77435"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:11:12.193Z"}, "title": "CVE Program Container", "references": [{"name": "20151104 Cisco Mobility Services Engine Privilege Escalation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-privmse"}, {"name": "1034066", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034066"}, {"name": "77435", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/77435"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-4282", "datePublished": "2015-11-06T11:00:00", "dateReserved": "2015-06-04T00:00:00", "dateUpdated": "2024-08-06T06:11:12.193Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:mobility_services_engine:5.1_base:*:*:*:*:*:*:*", "matchCriteriaId": "A26E1426-1345-49ED-95AB-DA0F2FF36C9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:mobility_services_engine:5.2_base:*:*:*:*:*:*:*", "matchCriteriaId": "F9403633-6299-4FBD-A945-17339034F2DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:mobility_services_engine:6.0_base:*:*:*:*:*:*:*", "matchCriteriaId": "189A0B7E-1042-4C08-BF2F-B80AE2227E0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:mobility_services_engine:7.0_base:*:*:*:*:*:*:*", "matchCriteriaId": "EEE771FF-9D5A-4EE9-A7A5-DADCE0D3FA5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:mobility_services_engine:7.4.100.0:*:*:*:*:*:*:*", "matchCriteriaId": "ADA25694-139F-40C4-AE22-A4AF696E4472", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:mobility_services_engine:7.4.110.0:*:*:*:*:*:*:*", "matchCriteriaId": "24240518-287C-4660-85C4-739659348E71", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:mobility_services_engine:7.4.121.0:*:*:*:*:*:*:*", "matchCriteriaId": "E7B3E19E-38EB-488B-9C86-CFF71E1DB705", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:mobility_services_engine:7.4_base:*:*:*:*:*:*:*", "matchCriteriaId": "7733AF02-FFE6-4AFF-9F83-5A51EA247467", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:mobility_services_engine:7.5.102.101:*:*:*:*:*:*:*", "matchCriteriaId": "137CEA79-692B-4607-A69E-D8284DD320CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:mobility_services_engine:7.6.100.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB805389-DA84-48B9-9EB3-A0E3FC420A83", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:mobility_services_engine:7.6.120.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A6698F9-7333-49C3-B7B6-3D938C1B2368", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:mobility_services_engine:7.6.132.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA6F1EB9-D354-436C-A93D-18A69495E6AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:mobility_services_engine:8.0\\(110.0\\):*:*:*:*:*:*:*", "matchCriteriaId": "E59BCB1F-A4A7-443C-BB49-4B189820B326", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:mobility_services_engine:8.0_base:*:*:*:*:*:*:*", "matchCriteriaId": "B656F50D-6EF5-44C8-A67F-BB5631908400", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504."}, {"lang": "es", "value": "Cisco Mobility Services Engine (MSE) hasta la versi\u00f3n 8.0.120.7 utiliza permisos d\u00e9biles para archivos binarios no especificados, lo que permite a usuarios locales obtener privilegios root escribiendo en un archivo, tambi\u00e9n conocido como Bug ID CSCuv40504"}], "id": "CVE-2015-4282", "lastModified": "2017-01-06T16:55:48.363", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-11-06T11:59:00.120", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-privmse"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/77435"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1034066"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}