CVE-2015-4282
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
06/11/2015
Last modified:
12/04/2025
Description
Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504.
Impact
Base Score 2.0
6.90
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cisco:mobility_services_engine:5.1_base:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:mobility_services_engine:5.2_base:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:mobility_services_engine:6.0_base:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:mobility_services_engine:7.0_base:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:mobility_services_engine:7.4.100.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:mobility_services_engine:7.4.110.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:mobility_services_engine:7.4.121.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:mobility_services_engine:7.4_base:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:mobility_services_engine:7.5.102.101:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:mobility_services_engine:7.6.100.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:mobility_services_engine:7.6.120.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:mobility_services_engine:7.6.132.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:mobility_services_engine:8.0\(110.0\):*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:mobility_services_engine:8.0_base:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-privmse
- http://www.securityfocus.com/bid/77435
- http://www.securitytracker.com/id/1034066
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-privmse
- http://www.securityfocus.com/bid/77435
- http://www.securitytracker.com/id/1034066