CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-0692

Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via crafted serialized objects, aka Bug ID CSCut39230.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 27.4%

CVSS Severity

CVSS v2 Score 7.2

References

http://tools.cisco.com/security/center/viewAlert.x?alertId=38305
http://www.securitytracker.com/id/1032097
http://tools.cisco.com/security/center/viewAlert.x?alertId=38305
http://www.securitytracker.com/id/1032097

Products affected by CVE-2015-0692

Cisco » Web Security Appliance » Version: 8.5_base

cpe:2.3:a:cisco:web_security_appliance:8.5_base

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-0692

Products

Pricing

Contact Us