CVE-2015-0691

Cisco Secure Desktop - Remote Code Execution via Crafted Web Site

Title source: llm
STIX 2.1

Description

A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.

References (2)

Core 2
Core References
Mitigation, Vendor Advisory vendor-advisory x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032140

Scores

EPSS 0.0307
EPSS Percentile 86.0%

Details

CWE
CWE-264 CWE-78
Status published
Products (37)
cisco/secure_desktop 3.0_base
cisco/secure_desktop 3.1.0.31
cisco/secure_desktop 3.1.1
cisco/secure_desktop 3.1.1.45
cisco/secure_desktop 3.1_base
cisco/secure_desktop 3.2.0.136
cisco/secure_desktop 3.2.1.103
cisco/secure_desktop 3.2.1.126
cisco/secure_desktop 3.2_base
cisco/secure_desktop 3.3.0.118
... and 27 more
Published Apr 17, 2015
Tracked Since Feb 18, 2026