exploitDog

CVE-2015-0693

Опубликовано: 15 апр. 2015

Источник: nvd

CVSS2: 7.2

EPSS Низкий

Описание

Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via a crafted pickle file, aka Bug ID CSCut39259.

Ссылки

http://tools.cisco.com/security/center/viewAlert.x?alertId=38306
Vendor Advisory
http://www.securitytracker.com/id/1032097
Third Party Advisory
VDB Entry
http://tools.cisco.com/security/center/viewAlert.x?alertId=38306
Vendor Advisory
http://www.securitytracker.com/id/1032097
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cisco:web_security_appliance:8.5_base:*:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.00093

Низкий

7.2 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-xhwq-qc65-7mcj

github

больше 3 лет назад

Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via a crafted pickle file, aka Bug ID CSCut39259.

EPSS

Процентиль: 26%

0.00093

Низкий

7.2 High

CVSS2

Дефекты

CWE-20