This advisory is available at the following link:
Refer to the "Workarounds" section of this advisory for additional information on how to mitigate this vulnerability.Ĭustomers using Cisco Secure Desktop should migrate to Cisco Host Scan standalone package. jar files have been removed and are not anymore available for download.īecause Cisco does not control all existing Cisco Secure Desktop packages customers are advised to ensure to ensure that their Java blacklists controls have been updated to avoid potential exploitation. Cisco Secure Desktop packages that includes the affected. There is no fixed software for this vulnerability. The Cache Cleaner feature has been deprecated since November 2012. Command execution would occur with the privileges of the user. Subject: Cisco Security Advisory: Cisco Secure Desktop Cache Cleaner Command Execution VulnerabilityĬisco Security Advisory: Cisco Secure Desktop Cache Cleaner Command Execution Vulnerabilityįor Public Release 2015 April 15 16:00 UTC (GMT)Ī vulnerability in a Cisco-signed Java Archive (JAR) executable Cache Cleaner component of Cisco Secure Desktop could allow an unauthenticated, remote attacker to execute arbitrary commands on the client host where the affected. Vendor URL: /security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd (Links to External Site) The vendor notes that the Cache Cleaner feature has been deprecated since November 2012.
The vendor has described a configuration solution in their advisory. Jason Sinchak reported this vulnerability.Ī remote user can create a file that, when loaded by the target user, will execute arbitrary commands on the target user's system. The vendor has assigned bug ID CSCup83001 to this vulnerability.Ĭisco Host Scan standalone and CiscoAn圜onnect Secure Mobility Client are not affected. The commands will run with the privileges of the target user. A remote user can cause arbitrary commands to be executed on the target user's system.Ī remote user can create specially crafted HTML that, when loaded by the target user, will trigger a flaw in the Cisco-signed Java Archive (JAR) executable Cache Cleaner component and execute arbitrary commands on the target system. Impact: Execution of arbitrary code via network, User access via networkĪ vulnerability was reported in Cisco Secure Desktop. Home | View Topics | Search | Contact Us |Ĭisco Secure Desktop Cache Cleaner '.jar' File Lets Remote Users Execute Arbitrary CommandsĬVE Reference: CVE-2015-0691 (Links to External Site) Cisco Secure Desktop Cache Cleaner '.jar' File Lets Remote Users Execute Arbitrary Commands - SecurityTracker
0 kommentar(er)
