Details of VAR-201503-0158

ID

VAR-201503-0158

CVE

CVE-2015-0653

TITLE

plural Cisco Vulnerabilities that bypass authentication in the product management interface

Trust: 0.8

sources: JVNDB: JVNDB-2015-001810

DESCRIPTION

The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before X2.3.1 and XC2.4 before XC2.4.1 allows remote attackers to bypass authentication via crafted login parameters, aka Bug IDs CSCur02680 and CSCur05556. Vendors have confirmed this vulnerability Bug IDs CSCur02680 and CSCur05556 It is released as.Skillfully crafted by a third party login Authentication may be bypassed via parameters. Multiple Cisco Products are prone to multiple authentication-bypass vulnerabilities. An attacker can exploit these issues to bypass the authentication mechanism and gain unauthorized administrative access. This may aid in further attacks. These issues are being tracked by Cisco Bug ID's CSCur02680 and CSCur05556

Trust: 1.98

sources: NVD: CVE-2015-0653 // JVNDB: JVNDB-2015-001810 // BID: 73044 // VULHUB: VHN-78599

AFFECTED PRODUCTS

vendor:	cisco	model:	expressway software	scope:	gte	version:	x8.2	Trust: 1.0
vendor:	cisco	model:	telepresence video communication server software	scope:	gte	version:	x8.1	Trust: 1.0
vendor:	cisco	model:	expressway software	scope:	lt	version:	x8.1.2	Trust: 1.0
vendor:	cisco	model:	telepresence conductor	scope:	lt	version:	x2.3.1	Trust: 1.0
vendor:	cisco	model:	telepresence video communication server software	scope:	lt	version:	x7.2.4	Trust: 1.0
vendor:	cisco	model:	telepresence video communication server software	scope:	lt	version:	x8.2.2	Trust: 1.0
vendor:	cisco	model:	telepresence video communication server software	scope:	gte	version:	x8.2	Trust: 1.0
vendor:	cisco	model:	expressway software	scope:	gte	version:	x8.1	Trust: 1.0
vendor:	cisco	model:	telepresence conductor	scope:	lt	version:	xc2.4.1	Trust: 1.0
vendor:	cisco	model:	expressway software	scope:	gte	version:	x7.2	Trust: 1.0
vendor:	cisco	model:	telepresence conductor	scope:	gte	version:	x2.3	Trust: 1.0
vendor:	cisco	model:	telepresence video communication server software	scope:	lt	version:	x8.1.2	Trust: 1.0
vendor:	cisco	model:	expressway software	scope:	lt	version:	x8.2.2	Trust: 1.0
vendor:	cisco	model:	telepresence video communication server software	scope:	gte	version:	x7.2	Trust: 1.0
vendor:	cisco	model:	expressway software	scope:	lt	version:	x7.2.4	Trust: 1.0
vendor:	cisco	model:	telepresence conductor	scope:	gte	version:	xc2.4	Trust: 1.0
vendor:	cisco	model:	expressway software	scope:	lt	version:	x8.2	Trust: 0.8
vendor:	cisco	model:	telepresence video communication server software	scope:	lt	version:	x8.2	Trust: 0.8
vendor:	cisco	model:	expressway software	scope:	eq	version:	x8.2.2	Trust: 0.8
vendor:	cisco	model:	expressway software	scope:	lt	version:	x8	Trust: 0.8
vendor:	cisco	model:	telepresence video communication server software	scope:	lt	version:	x8	Trust: 0.8
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.2.2	Trust: 0.8
vendor:	cisco	model:	telepresence conductor	scope:	eq	version:	xc2.4.1	Trust: 0.8
vendor:	cisco	model:	expressway software	scope:	eq	version:	x8.1.2	Trust: 0.8
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.1.2	Trust: 0.8
vendor:	cisco	model:	telepresence conductor	scope:	lt	version:	xc2.4	Trust: 0.8
vendor:	cisco	model:	expressway software	scope:	eq	version:	x8.1.1	Trust: 0.6
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.2.1	Trust: 0.6
vendor:	cisco	model:	telepresence conductor	scope:	eq	version:	xc3	Trust: 0.6
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x7.2.3	Trust: 0.6
vendor:	cisco	model:	expressway software	scope:	eq	version:	x8.2.1	Trust: 0.6
vendor:	cisco	model:	expressway software	scope:	eq	version:	x7.2.3	Trust: 0.6
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.1.1	Trust: 0.6
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x8.2	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x8.1.1	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x8.1	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x7.2.2	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x7.2.1	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x7.2	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x7.1	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x7.0.3	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x7.0.1	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x7.0	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x8.2.1	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server base	scope:	eq	version:	x6.1	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server base	scope:	eq	version:	x6.0	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server base	scope:	eq	version:	x5.2	Trust: 0.3
vendor:	cisco	model:	telepresence conductor xc2.4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence conductor xc2.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence conductor xc2.0.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence conductor xc2.0.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence conductor xc1.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence conductor xc1.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence conductor xc1.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence conductor xc1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	expressway series	scope:	eq	version:	x8.1.1	Trust: 0.3
vendor:	cisco	model:	expressway	scope:	eq	version:	x8.2.1	Trust: 0.3
vendor:	cisco	model:	expressway	scope:	eq	version:	x8.2	Trust: 0.3
vendor:	cisco	model:	expressway	scope:	eq	version:	x8.1	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	ne	version:	x8.5.2	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	ne	version:	x8.2.2	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	ne	version:	x8.1.2	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	ne	version:	x7.2.4	Trust: 0.3
vendor:	cisco	model:	telepresence conductor xc3.0	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence conductor xc2.4.1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence conductor xc2.3	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	expressway	scope:	ne	version:	x8.5.2	Trust: 0.3
vendor:	cisco	model:	expressway	scope:	ne	version:	x8.2.2	Trust: 0.3
vendor:	cisco	model:	expressway	scope:	ne	version:	x8.1.2	Trust: 0.3
vendor:	cisco	model:	expressway	scope:	ne	version:	x7.2.4	Trust: 0.3

sources: BID: 73044 // JVNDB: JVNDB-2015-001810 // CNNVD: CNNVD-201503-308 // NVD: CVE-2015-0653

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0653
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-0653
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201503-308
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-78599
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-0653
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78599
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78599 // JVNDB: JVNDB-2015-001810 // CNNVD: CNNVD-201503-308 // NVD: CVE-2015-0653

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-78599 // JVNDB: JVNDB-2015-001810 // NVD: CVE-2015-0653

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-308

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201503-308

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001810

PATCH

title:	37541	url:	http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=37541	Trust: 0.8
title:	cisco-sa-20150311-vcs	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs	Trust: 0.8
title:	37729	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=37729	Trust: 0.8
title:	Multiple Cisco Product Authorization Issue Vulnerability Fixing Measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93765	Trust: 0.6

sources: JVNDB: JVNDB-2015-001810 // CNNVD: CNNVD-201503-308

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0653	Trust: 2.8
db:	SECTRACK	id:	1031910	Trust: 1.7
db:	JVNDB	id:	JVNDB-2015-001810	Trust: 0.8
db:	CNNVD	id:	CNNVD-201503-308	Trust: 0.7
db:	BID	id:	73044	Trust: 0.4
db:	VULHUB	id:	VHN-78599	Trust: 0.1

sources: VULHUB: VHN-78599 // BID: 73044 // JVNDB: JVNDB-2015-001810 // CNNVD: CNNVD-201503-308 // NVD: CVE-2015-0653

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150311-vcs	Trust: 2.0
url:	http://www.securitytracker.com/id/1031910	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0653	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0653	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37729	Trust: 0.3

sources: VULHUB: VHN-78599 // BID: 73044 // JVNDB: JVNDB-2015-001810 // CNNVD: CNNVD-201503-308 // NVD: CVE-2015-0653

CREDITS

Cisco

Trust: 0.3

sources: BID: 73044

SOURCES

db:	VULHUB	id:	VHN-78599
db:	BID	id:	73044
db:	JVNDB	id:	JVNDB-2015-001810
db:	CNNVD	id:	CNNVD-201503-308
db:	NVD	id:	CVE-2015-0653

LAST UPDATE DATE

2024-11-23T22:27:11.386000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78599	date:	2019-06-11T00:00:00
db:	BID	id:	73044	date:	2015-03-11T00:00:00
db:	JVNDB	id:	JVNDB-2015-001810	date:	2015-03-16T00:00:00
db:	CNNVD	id:	CNNVD-201503-308	date:	2019-06-12T00:00:00
db:	NVD	id:	CVE-2015-0653	date:	2024-11-21T02:23:28.730

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78599	date:	2015-03-13T00:00:00
db:	BID	id:	73044	date:	2015-03-11T00:00:00
db:	JVNDB	id:	JVNDB-2015-001810	date:	2015-03-16T00:00:00
db:	CNNVD	id:	CNNVD-201503-308	date:	2015-03-16T00:00:00
db:	NVD	id:	CVE-2015-0653	date:	2015-03-13T01:59:32.427