Vulnerability in Cisco Telepresence_server_software

CVE-2015-0660

Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus611…

EPSS: 0.001 (16.9th percentile) — read the EPSS interpretation.

Affected products

Cisco Telepresence_server_software
N/a — versions n/a

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

1031924 (vdb-entry, x_refsource_SECTRACK)
20150312 Cisco Virtual TelePresence Server Serial Console Privileged Access (x_refsource_CISCO, vendor-advisory, Vendor Advisory)