Sign-up

ID

VAR-201503-0178


CVE

CVE-2015-0673


TITLE

Cisco Mobility service Vulnerability in obtaining password of arbitrary user in engine

Trust: 0.8

sources: JVNDB: JVNDB-2015-001958

DESCRIPTION

Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bug ID CSCut24792. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. This issue being tracked by Cisco Bug ID CSCut24792. The platform collects, stores and manages data from wireless clients, Cisco access points and controllers. A security vulnerability exists in Cisco MSE 8.0(110.0)

Trust: 1.98

sources: NVD: CVE-2015-0673 // JVNDB: JVNDB-2015-001958 // BID: 73325 // VULHUB: VHN-78619

AFFECTED PRODUCTS

vendor:ciscomodel:mobility services enginescope:eqversion:8.0\(110.0\)

Trust: 1.6

vendor:ciscomodel:mobility services enginescope:eqversion:8.0(110.0)

Trust: 1.1

sources: BID: 73325 // JVNDB: JVNDB-2015-001958 // CNNVD: CNNVD-201503-581 // NVD: CVE-2015-0673

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0673
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0673
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201503-581
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78619
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0673
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78619
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78619 // JVNDB: JVNDB-2015-001958 // CNNVD: CNNVD-201503-581 // NVD: CVE-2015-0673

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-78619 // JVNDB: JVNDB-2015-001958 // NVD: CVE-2015-0673

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-581

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201503-581

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001958

PATCH
title:38007url:http://tools.cisco.com/security/center/viewAlert.x?alertId=38007
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-001958

EXTERNAL IDS
db:NVDid:CVE-2015-0673
Trust: 2.8
db:SECTRACKid:1031971
Trust: 1.1
db:JVNDBid:JVNDB-2015-001958
Trust: 0.8
db:CNNVDid:CNNVD-201503-581
Trust: 0.7
db:BIDid:73325
Trust: 0.4
db:VULHUBid:VHN-78619
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78619 // 
            
            
            
            BID: 73325 // 
            
            
            
            JVNDB: JVNDB-2015-001958 // 
            
            
            
            CNNVD: CNNVD-201503-581 // 
            
            
            
            NVD: CVE-2015-0673

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=38007
Trust: 2.0
url:http://www.securitytracker.com/id/1031971
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0673
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0673
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps11640/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78619 // 
            
            
            
            BID: 73325 // 
            
            
            
            JVNDB: JVNDB-2015-001958 // 
            
            
            
            CNNVD: CNNVD-201503-581 // 
            
            
            
            NVD: CVE-2015-0673

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 73325

SOURCES
db:VULHUBid:VHN-78619
db:BIDid:73325
db:JVNDBid:JVNDB-2015-001958
db:CNNVDid:CNNVD-201503-581
db:NVDid:CVE-2015-0673

LAST UPDATE DATE
2024-11-23T22:18:25.505000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78619date:2015-09-04T00:00:00
db:BIDid:73325date:2015-03-24T00:00:00
db:JVNDBid:JVNDB-2015-001958date:2015-03-30T00:00:00
db:CNNVDid:CNNVD-201503-581date:2015-03-27T00:00:00
db:NVDid:CVE-2015-0673date:2024-11-21T02:23:30.773

SOURCES RELEASE DATE
db:VULHUBid:VHN-78619date:2015-03-26T00:00:00
db:BIDid:73325date:2015-03-24T00:00:00
db:JVNDBid:JVNDB-2015-001958date:2015-03-30T00:00:00
db:CNNVDid:CNNVD-201503-581date:2015-03-27T00:00:00
db:NVDid:CVE-2015-0673date:2015-03-26T10:59:16.503