Details of VAR-201503-0170

ID

VAR-201503-0170

CVE

CVE-2015-0667

TITLE

Cisco Content Services Switch 11500 Vulnerability that bypasses restrictions on local network devices in device management interface

Trust: 0.8

sources: JVNDB: JVNDB-2015-001858

DESCRIPTION

The Management Interface on Cisco Content Services Switch (CSS) 11500 devices 8.20.4.02 and earlier allows remote attackers to bypass intended restrictions on local-network device access via crafted SSH packets, aka Bug ID CSCut14855. Vendors have confirmed this vulnerability Bug ID CSCut14855 It is released as. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlSkillfully crafted by a third party SSH Through packets, there are bypasses to local network devices. This may aid in further attacks

Trust: 2.52

sources: NVD: CVE-2015-0667 // JVNDB: JVNDB-2015-001858 // CNVD: CNVD-2015-01843 // BID: 73205 // VULHUB: VHN-78613

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-01843

AFFECTED PRODUCTS

vendor:	cisco	model:	content services switch 11500	scope:	lte	version:	8.20.4.02	Trust: 1.8
vendor:	cisco	model:	content services switch 11500	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	content services switch	scope:	eq	version:	11500	Trust: 0.6
vendor:	cisco	model:	content services switch	scope:	eq	version:	11500<=8.20.4.02	Trust: 0.6
vendor:	cisco	model:	css11500 content services switch s	scope:	eq	version:	7.30	Trust: 0.6
vendor:	cisco	model:	css11500 content services switch s	scope:	eq	version:	7.20	Trust: 0.6
vendor:	cisco	model:	content services switch 11500	scope:	eq	version:	8.20.4.02	Trust: 0.6
vendor:	cisco	model:	css11500 content services switch	scope:	eq	version:	8.10.2.65	Trust: 0.3
vendor:	cisco	model:	css11500 content services switch	scope:	eq	version:	7.50.3.45	Trust: 0.3
vendor:	cisco	model:	css11500 content services switch s	scope:	eq	version:	7.10	Trust: 0.3
vendor:	cisco	model:	css11500 content services switch	scope:	eq	version:	7.5	Trust: 0.3
vendor:	cisco	model:	css11500 content services switch	scope:	eq	version:	7.4	Trust: 0.3
vendor:	cisco	model:	css11500 content services switch	scope:	eq	version:	8.20.4.02	Trust: 0.3
vendor:	cisco	model:	css11500 content services switch	scope:	eq	version:	8.20.2.01	Trust: 0.3
vendor:	cisco	model:	css11500 content services switch	scope:	eq	version:	8.10.4.01	Trust: 0.3
vendor:	cisco	model:	css11500 content services switch	scope:	eq	version:	8.10.3.01	Trust: 0.3
vendor:	cisco	model:	css11500 content services switch	scope:	eq	version:	8.10.2.05	Trust: 0.3
vendor:	cisco	model:	css11500 content services switch	scope:	eq	version:	8.10.1.06	Trust: 0.3
vendor:	cisco	model:	css11500 content services switch	scope:	eq	version:	7.50.3.03	Trust: 0.3
vendor:	cisco	model:	css11500 content services switch	scope:	eq	version:	7.50.2.05	Trust: 0.3
vendor:	cisco	model:	css11500 content services switch	scope:	eq	version:	7.50.1.03	Trust: 0.3

sources: CNVD: CNVD-2015-01843 // BID: 73205 // JVNDB: JVNDB-2015-001858 // CNNVD: CNNVD-201503-387 // NVD: CVE-2015-0667

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0667
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0667
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-01843
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201503-387
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78613
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0667
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-01843
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-78613
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-01843 // VULHUB: VHN-78613 // JVNDB: JVNDB-2015-001858 // CNNVD: CNNVD-201503-387 // NVD: CVE-2015-0667

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-78613 // JVNDB: JVNDB-2015-001858 // NVD: CVE-2015-0667

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-387

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201503-387

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001858

PATCH

title:

37889

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=37889

Trust: 0.8

sources: JVNDB: JVNDB-2015-001858

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0667	Trust: 3.4
db:	SECTRACK	id:	1031939	Trust: 1.1
db:	BID	id:	73205	Trust: 1.0
db:	JVNDB	id:	JVNDB-2015-001858	Trust: 0.8
db:	CNNVD	id:	CNNVD-201503-387	Trust: 0.7
db:	CNVD	id:	CNVD-2015-01843	Trust: 0.6
db:	VULHUB	id:	VHN-78613	Trust: 0.1

sources: CNVD: CNVD-2015-01843 // VULHUB: VHN-78613 // BID: 73205 // JVNDB: JVNDB-2015-001858 // CNNVD: CNNVD-201503-387 // NVD: CVE-2015-0667

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37889	Trust: 2.6
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0667	Trust: 1.4
url:	http://www.securitytracker.com/id/1031939	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0667	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/hw/contnetw/ps792/index.html	Trust: 0.3

sources: CNVD: CNVD-2015-01843 // VULHUB: VHN-78613 // BID: 73205 // JVNDB: JVNDB-2015-001858 // CNNVD: CNNVD-201503-387 // NVD: CVE-2015-0667

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 73205

SOURCES

db:	CNVD	id:	CNVD-2015-01843
db:	VULHUB	id:	VHN-78613
db:	BID	id:	73205
db:	JVNDB	id:	JVNDB-2015-001858
db:	CNNVD	id:	CNNVD-201503-387
db:	NVD	id:	CVE-2015-0667

LAST UPDATE DATE

2024-11-23T22:13:31.780000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-01843	date:	2015-03-20T00:00:00
db:	VULHUB	id:	VHN-78613	date:	2015-09-10T00:00:00
db:	BID	id:	73205	date:	2015-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2015-001858	date:	2015-03-20T00:00:00
db:	CNNVD	id:	CNNVD-201503-387	date:	2015-03-19T00:00:00
db:	NVD	id:	CVE-2015-0667	date:	2024-11-21T02:23:30.150

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-01843	date:	2015-03-20T00:00:00
db:	VULHUB	id:	VHN-78613	date:	2015-03-18T00:00:00
db:	BID	id:	73205	date:	2015-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2015-001858	date:	2015-03-20T00:00:00
db:	CNNVD	id:	CNNVD-201503-387	date:	2015-03-19T00:00:00
db:	NVD	id:	CVE-2015-0667	date:	2015-03-18T23:59:01.330