ID

VAR-201504-0281


CVE

CVE-2015-0702


TITLE

Arbitrary code execution vulnerability in the Custom Prompts upload implementation of Cisco Unified MeetingPlace

Trust: 0.8

sources: JVNDB: JVNDB-2015-002413

DESCRIPTION

Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712. The vendor has confirmed this vulnerability and released it as Bug ID CSCus95712. Supplementary information: the vulnerability type has been identified under CWE as CWE-434: Unrestricted Upload of File with Dangerous Type. Successful exploits will allow an attacker to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. Cisco Unified MeetingPlace is a set of multimedia conferencing solutions from Cisco. This solution provides a user environment that integrates voice, video and Web conferencing.

Trust: 2.07

sources: NVD: CVE-2015-0702 // JVNDB: JVNDB-2015-002413 // BID: 74244 // VULHUB: VHN-78648 // VULMON: CVE-2015-0702

AFFECTED PRODUCTS

vendor: cisco // model: unified meetingplace // scope: eq // version: 8.6\(1.9\)

Trust: 1.6

vendor: cisco // model: unified meetingplace // scope: eq // version: 8.6(1.9)

Trust: 1.1

sources: BID: 74244 // JVNDB: JVNDB-2015-002413 // CNNVD: CNNVD-201504-405 // NVD: CVE-2015-0702

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0702
value: HIGH

Trust: 1.0

NVD: CVE-2015-0702
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201504-405
value: CRITICAL

Trust: 0.6

VULHUB: VHN-78648
value: HIGH

Trust: 0.1

VULMON: CVE-2015-0702
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-0702
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-78648
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78648 // VULMON: CVE-2015-0702 // JVNDB: JVNDB-2015-002413 // CNNVD: CNNVD-201504-405 // NVD: CVE-2015-0702

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-434

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-78648 // JVNDB: JVNDB-2015-002413 // NVD: CVE-2015-0702

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-405

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201504-405

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002413

PATCH

title: 38455 // url: http://tools.cisco.com/security/center/viewAlert.x?alertId=38455

Trust: 0.8

sources: JVNDB: JVNDB-2015-002413

EXTERNAL IDS

db: NVD // id: CVE-2015-0702

Trust: 2.9

db: SECTRACK // id: 1032165

Trust: 1.2

db: JVNDB // id: JVNDB-2015-002413

Trust: 0.8

db: CNNVD // id: CNNVD-201504-405

Trust: 0.7

db: BID // id: 74244

Trust: 0.4

db: VULHUB // id: VHN-78648

Trust: 0.1

db: VULMON // id: CVE-2015-0702

Trust: 0.1

sources: VULHUB: VHN-78648 // VULMON: CVE-2015-0702 // BID: 74244 // JVNDB: JVNDB-2015-002413 // CNNVD: CNNVD-201504-405 // NVD: CVE-2015-0702

REFERENCES

url:http://tools.cisco.com/security/center/viewalert.x?alertid=38455

Trust: 2.1

url:http://www.securitytracker.com/id/1032165

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0702

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0702

Trust: 0.8

url:http://www.cisco.com

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/434.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-78648 // VULMON: CVE-2015-0702 // BID: 74244 // JVNDB: JVNDB-2015-002413 // CNNVD: CNNVD-201504-405 // NVD: CVE-2015-0702

CREDITS

Cisco

Trust: 0.3

sources: BID: 74244

SOURCES

db: VULHUB // id: VHN-78648
db: VULMON // id: CVE-2015-0702
db: BID // id: 74244
db: JVNDB // id: JVNDB-2015-002413
db: CNNVD // id: CNNVD-201504-405
db: NVD // id: CVE-2015-0702

LAST UPDATE DATE

2024-11-23T23:12:43.446000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-78648 // date: 2017-01-06T00:00:00
db: VULMON // id: CVE-2015-0702 // date: 2017-01-06T00:00:00
db: BID // id: 74244 // date: 2015-04-20T00:00:00
db: JVNDB // id: JVNDB-2015-002413 // date: 2015-04-22T00:00:00
db: CNNVD // id: CNNVD-201504-405 // date: 2015-04-21T00:00:00
db: NVD // id: CVE-2015-0702 // date: 2024-11-21T02:23:33.963

SOURCES RELEASE DATE

db: VULHUB // id: VHN-78648 // date: 2015-04-21T00:00:00
db: VULMON // id: CVE-2015-0702 // date: 2015-04-21T00:00:00
db: BID // id: 74244 // date: 2015-04-20T00:00:00
db: JVNDB // id: JVNDB-2015-002413 // date: 2015-04-22T00:00:00
db: CNNVD // id: CNNVD-201504-405 // date: 2015-04-21T00:00:00
db: NVD // id: CVE-2015-0702 // date: 2015-04-21T02:59:00.997