VAR-201506-0312
Vulnerability from variot - Updated: 2025-04-13 23:23Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474. OS A command execution vulnerability exists. The product provides security policy, intrusion detection and other functions in the wireless LAN. A security vulnerability exists in Cisco WLC devices that use version 7.0 (240.0) software. Successful exploits may compromise the affected device. This issue being tracked by Cisco Bug ID CSCuj39474
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201506-0312",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wireless lan controller software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.0\\(240.0\\)"
},
{
"model": "wireless lan controller software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "7.0(240.0)"
},
{
"model": "wireless lan controller devices with software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7.0(240.0)"
},
{
"model": "wireless lan controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(240.0)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04193"
},
{
"db": "BID",
"id": "75415"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003289"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-576"
},
{
"db": "NVD",
"id": "CVE-2015-4224"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:wireless_lan_controller_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003289"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "75415"
}
],
"trust": 0.3
},
"cve": "CVE-2015-4224",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2015-4224",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "CNVD-2015-04193",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-82185",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-4224",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-4224",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-04193",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-576",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-82185",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04193"
},
{
"db": "VULHUB",
"id": "VHN-82185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003289"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-576"
},
{
"db": "NVD",
"id": "CVE-2015-4224"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474. OS A command execution vulnerability exists. The product provides security policy, intrusion detection and other functions in the wireless LAN. A security vulnerability exists in Cisco WLC devices that use version 7.0 (240.0) software. Successful exploits may compromise the affected device. \nThis issue being tracked by Cisco Bug ID CSCuj39474",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4224"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003289"
},
{
"db": "CNVD",
"id": "CNVD-2015-04193"
},
{
"db": "BID",
"id": "75415"
},
{
"db": "VULHUB",
"id": "VHN-82185"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4224",
"trust": 3.4
},
{
"db": "BID",
"id": "75415",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1032728",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003289",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201506-576",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-04193",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-82185",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04193"
},
{
"db": "VULHUB",
"id": "VHN-82185"
},
{
"db": "BID",
"id": "75415"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003289"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-576"
},
{
"db": "NVD",
"id": "CVE-2015-4224"
}
]
},
"id": "VAR-201506-0312",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04193"
},
{
"db": "VULHUB",
"id": "VHN-82185"
}
],
"trust": 1.46715547
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04193"
}
]
},
"last_update_date": "2025-04-13T23:23:44.696000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "39517",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39517"
},
{
"title": "Cisco Wireless LAN Controller devices with software patch for any operating system command execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/60304"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04193"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003289"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003289"
},
{
"db": "NVD",
"id": "CVE-2015-4224"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39517"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/75415"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032728"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4224"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4224"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04193"
},
{
"db": "VULHUB",
"id": "VHN-82185"
},
{
"db": "BID",
"id": "75415"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003289"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-576"
},
{
"db": "NVD",
"id": "CVE-2015-4224"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-04193"
},
{
"db": "VULHUB",
"id": "VHN-82185"
},
{
"db": "BID",
"id": "75415"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003289"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-576"
},
{
"db": "NVD",
"id": "CVE-2015-4224"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04193"
},
{
"date": "2015-06-26T00:00:00",
"db": "VULHUB",
"id": "VHN-82185"
},
{
"date": "2015-06-25T00:00:00",
"db": "BID",
"id": "75415"
},
{
"date": "2015-06-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003289"
},
{
"date": "2015-06-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-576"
},
{
"date": "2015-06-26T10:59:07.123000",
"db": "NVD",
"id": "CVE-2015-4224"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04193"
},
{
"date": "2016-12-28T00:00:00",
"db": "VULHUB",
"id": "VHN-82185"
},
{
"date": "2015-06-25T00:00:00",
"db": "BID",
"id": "75415"
},
{
"date": "2015-06-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003289"
},
{
"date": "2015-06-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-576"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-4224"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "75415"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-576"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Wireless LAN Controller Any within a privileged context in the device software OS Command execution vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003289"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-576"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…