cvelistv5 - cve-2015-4224

CVE-2015-4224 (GCVE-0-2015-4224)

Vulnerability from cvelistv5

Published

2015-06-26 10:00

Modified

2024-08-06 06:11

Severity ?

CWE

Summary

Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

var-201506-0312

Vulnerability from variot

Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474. OS A command execution vulnerability exists. The product provides security policy, intrusion detection and other functions in the wireless LAN. A security vulnerability exists in Cisco WLC devices that use version 7.0 (240.0) software. Successful exploits may compromise the affected device. This issue being tracked by Cisco Bug ID CSCuj39474

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0312",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wireless lan controller software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.0\\(240.0\\)"
      },
      {
        "model": "wireless lan controller software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.0(240.0)"
      },
      {
        "model": "wireless lan controller devices with software",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.0(240.0)"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0(240.0)"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04193"
      },
      {
        "db": "BID",
        "id": "75415"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003289"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-576"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4224"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:cisco:wireless_lan_controller_software",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003289"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "75415"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-4224",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2015-4224",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.1,
            "id": "CNVD-2015-04193",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-82185",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-4224",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-4224",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-04193",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201506-576",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-82185",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04193"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003289"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-576"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4224"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474. OS A command execution vulnerability exists. The product provides security policy, intrusion detection and other functions in the wireless LAN. A security vulnerability exists in Cisco WLC devices that use version 7.0 (240.0) software. Successful exploits may compromise the   affected device. \nThis issue being tracked by Cisco Bug ID CSCuj39474",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4224"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003289"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04193"
      },
      {
        "db": "BID",
        "id": "75415"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82185"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-4224",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "75415",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1032728",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003289",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-576",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04193",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-82185",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04193"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82185"
      },
      {
        "db": "BID",
        "id": "75415"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003289"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-576"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4224"
      }
    ]
  },
  "id": "VAR-201506-0312",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04193"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82185"
      }
    ],
    "trust": 1.46715547
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04193"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:13:29.125000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "39517",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39517"
      },
      {
        "title": "Cisco Wireless LAN Controller devices with software patch for any operating system command execution vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/60304"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04193"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003289"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003289"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4224"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39517"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/75415"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032728"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4224"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4224"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04193"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82185"
      },
      {
        "db": "BID",
        "id": "75415"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003289"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-576"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4224"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04193"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82185"
      },
      {
        "db": "BID",
        "id": "75415"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003289"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-576"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4224"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-07-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-04193"
      },
      {
        "date": "2015-06-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82185"
      },
      {
        "date": "2015-06-25T00:00:00",
        "db": "BID",
        "id": "75415"
      },
      {
        "date": "2015-06-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003289"
      },
      {
        "date": "2015-06-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-576"
      },
      {
        "date": "2015-06-26T10:59:07.123000",
        "db": "NVD",
        "id": "CVE-2015-4224"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-07-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-04193"
      },
      {
        "date": "2016-12-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82185"
      },
      {
        "date": "2015-06-25T00:00:00",
        "db": "BID",
        "id": "75415"
      },
      {
        "date": "2015-06-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003289"
      },
      {
        "date": "2015-06-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-576"
      },
      {
        "date": "2024-11-21T02:30:40.060000",
        "db": "NVD",
        "id": "CVE-2015-4224"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "75415"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-576"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Wireless LAN Controller Any within a privileged context in the device software  OS Command execution vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003289"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-576"
      }
    ],
    "trust": 0.6
  }
}

gsd-2015-4224

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474.

Aliases

CVE-2015-4224

Aliases

CVE-2015-4224

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-4224",
    "description": "Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474.",
    "id": "GSD-2015-4224"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-4224"
      ],
      "details": "Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474.",
      "id": "GSD-2015-4224",
      "modified": "2023-12-13T01:19:59.306825Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2015-4224",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "75415",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/75415"
          },
          {
            "name": "20150625 Cisco Wireless LAN Controller Command Injection Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39517"
          },
          {
            "name": "1032728",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032728"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.0\\(240.0\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-4224"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150625 Cisco Wireless LAN Controller Command Injection Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39517"
            },
            {
              "name": "75415",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/75415"
            },
            {
              "name": "1032728",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1032728"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-12-28T17:42Z",
      "publishedDate": "2015-06-26T10:59Z"
    }
  }
}

cnvd-2015-04193

Vulnerability from cnvd

Title

Cisco Wireless LAN Controller devices with software任意操作系统命令执行漏洞

Description

Cisco Wireless LAN Controller（WLC）是美国思科（Cisco）公司的一款无线局域网控制器产品。该产品在无线局域网中提供安全策略、入侵检测等功能。使用7.0(240.0)版本软件的Cisco WLC设备中存在安全漏洞。本地攻击者可借助特制的CLI命令利用该漏洞以提升的权限执行任意操作系统命令。

Severity

中

Patch Name

Cisco Wireless LAN Controller devices with software任意操作系统命令执行漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://tools.cisco.com/security/center/viewAlert.x?alertId=39517

Reference

http://tools.cisco.com/security/center/viewAlert.x?alertId=39517

Impacted products

Name
Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0)

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-4224"
    }
  },
  "description": "Cisco Wireless LAN Controller\uff08WLC\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u5c40\u57df\u7f51\u63a7\u5236\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u5728\u65e0\u7ebf\u5c40\u57df\u7f51\u4e2d\u63d0\u4f9b\u5b89\u5168\u7b56\u7565\u3001\u5165\u4fb5\u68c0\u6d4b\u7b49\u529f\u80fd\u3002\r\n\r\n\u4f7f\u75287.0(240.0)\u7248\u672c\u8f6f\u4ef6\u7684Cisco WLC\u8bbe\u5907\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684CLI\u547d\u4ee4\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://tools.cisco.com/security/center/viewAlert.x?alertId=39517",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-04193",
  "openTime": "2015-07-03",
  "patchDescription": "Cisco Wireless LAN Controller\uff08WLC\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u5c40\u57df\u7f51\u63a7\u5236\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u5728\u65e0\u7ebf\u5c40\u57df\u7f51\u4e2d\u63d0\u4f9b\u5b89\u5168\u7b56\u7565\u3001\u5165\u4fb5\u68c0\u6d4b\u7b49\u529f\u80fd\u3002\u4f7f\u75287.0(240.0)\u7248\u672c\u8f6f\u4ef6\u7684Cisco WLC\u8bbe\u5907\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684CLI\u547d\u4ee4\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Wireless LAN Controller devices with software\u4efb\u610f\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0)"
  },
  "referenceLink": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39517",
  "serverity": "\u4e2d",
  "submitTime": "2015-07-02",
  "title": "Cisco Wireless LAN Controller devices with software\u4efb\u610f\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e"
}

fkie_cve-2015-4224

Vulnerability from fkie_nvd

Published

2015-06-26 10:59

Modified

2025-04-12 10:46

Severity ?

Summary

Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474.

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=39517	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/75415	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1032728	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=39517	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/75415	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032728	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	cisco	wireless_lan_controller_software	7.0\(240.0\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:7.0\\(240.0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "791509C8-7558-4908-BEC1-61C409DAFBBB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474."
    },
    {
      "lang": "es",
      "value": "Los dispositivos Cisco Wireless LAN Controller (WLC) con software 7.0(240.0) permiten a usuarios locales ejecutar comandos del sistema operativo arbitrarios en un contexto privilegiado a trav\u00e9s de comandos CLI manipulados, tambi\u00e9n conocido como Bug ID CSCuj39474."
    }
  ],
  "id": "CVE-2015-4224",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-06-26T10:59:07.123",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39517"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/75415"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032728"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39517"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/75415"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032728"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-fwqh-hp5q-r4gh

Vulnerability from github

Published

2022-05-17 03:14

Modified

2022-05-17 03:14

Details

Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-4224"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-06-26T10:59:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474.",
  "id": "GHSA-fwqh-hp5q-r4gh",
  "modified": "2022-05-17T03:14:02Z",
  "published": "2022-05-17T03:14:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4224"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39517"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/75415"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032728"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2015-4224 (GCVE-0-2015-4224)

Vulnerability from cvelistv5

var-201506-0312

Vulnerability from variot

gsd-2015-4224

Vulnerability from gsd

cnvd-2015-04193

Vulnerability from cnvd

fkie_cve-2015-4224

Vulnerability from fkie_nvd

ghsa-fwqh-hp5q-r4gh

Vulnerability from github

Tags

Sightings

Nomenclature