CVE-2015-6335
Description
The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco FireSIGHT Management Center for VMware is vulnerable to privilege escalation: insufficient input sanitization allows authenticated administrators to execute commands as root.
Vulnerability
The policy implementation in Cisco FireSIGHT Management Center for VMware versions 5.3.1.7, 5.4.0.4, and 6.0.0 contains a vulnerability due to insufficient sanitization of user-supplied input. This allows authenticated remote administrators to bypass intended policy restrictions and execute commands on the underlying Linux operating system [1].
Exploitation
An attacker must have valid administrator-level credentials and network access to the FireSIGHT Management Center appliance. By crafting malicious input, the attacker can bypass policy restrictions and execute arbitrary commands on the underlying Linux operating system [1].
Impact
Successful exploitation grants the attacker root-level access to the underlying Linux operating system, resulting in full compromise of the appliance's confidentiality, integrity, and availability [1].
Mitigation
Cisco has released software updates that address this vulnerability. No workarounds are available. Users are advised to upgrade to a fixed version as indicated in the Cisco Security Advisory [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:cisco:firesight_system_software:5.3.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firesight_system_software:5.4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*
- Range: 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware
Patches
No patches discovered yet.
References
- [1] tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-fmc (nvd; Vendor Advisory)
- www.securitytracker.com/id/1033873 (nvd; Third Party Advisory, VDB Entry)