ID

VAR-201504-0283


CVE

CVE-2015-0704


TITLE

Cross-site request forgery vulnerability in the API functionality of Cisco Unified MeetingPlace

Trust: 0.8

sources: JVNDB: JVNDB-2015-002472

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities in API features in Cisco Unified MeetingPlace 8.6(1.9) allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus95884. The vendor has confirmed this vulnerability and released it as Bug ID CSCus95884. A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCus95884. Cisco Unified MeetingPlace is a solution that provides a user environment integrating voice, video and Web conferencing.

Trust: 1.98

sources: NVD: CVE-2015-0704 // JVNDB: JVNDB-2015-002472 // BID: 74261 // VULHUB: VHN-78650

AFFECTED PRODUCTS

vendor: cisco, model: unified meetingplace, scope: eq, version: 8.6\(1.9\)

Trust: 1.6

vendor: cisco, model: unified meetingplace, scope: eq, version: 8.6(1.9)

Trust: 1.1

sources: BID: 74261 // JVNDB: JVNDB-2015-002472 // CNNVD: CNNVD-201504-438 // NVD: CVE-2015-0704

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0704
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0704
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201504-438
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78650
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0704
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78650
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78650 // JVNDB: JVNDB-2015-002472 // CNNVD: CNNVD-201504-438 // NVD: CVE-2015-0704

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.9

sources: VULHUB: VHN-78650 // JVNDB: JVNDB-2015-002472 // NVD: CVE-2015-0704

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-438

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201504-438

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002472

PATCH

title: 38460, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=38460

Trust: 0.8

sources: JVNDB: JVNDB-2015-002472

EXTERNAL IDS

db: NVD, id: CVE-2015-0704

Trust: 2.8

db: SECTRACK, id: 1032334

Trust: 1.1

db: JVNDB, id: JVNDB-2015-002472

Trust: 0.8

db: CNNVD, id: CNNVD-201504-438

Trust: 0.7

db: BID, id: 74261

Trust: 0.4

db: VULHUB, id: VHN-78650

Trust: 0.1

sources: VULHUB: VHN-78650 // BID: 74261 // JVNDB: JVNDB-2015-002472 // CNNVD: CNNVD-201504-438 // NVD: CVE-2015-0704

REFERENCES

url: http://tools.cisco.com/security/center/viewalert.x?alertid=38460

Trust: 2.0

url: http://www.securitytracker.com/id/1032334

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0704

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0704

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-78650 // BID: 74261 // JVNDB: JVNDB-2015-002472 // CNNVD: CNNVD-201504-438 // NVD: CVE-2015-0704

CREDITS

Cisco

Trust: 0.3

sources: BID: 74261

SOURCES

db: VULHUB, id: VHN-78650
db: BID, id: 74261
db: JVNDB, id: JVNDB-2015-002472
db: CNNVD, id: CNNVD-201504-438
db: NVD, id: CVE-2015-0704

LAST UPDATE DATE

2024-11-23T23:09:15.733000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-78650, date: 2017-01-06T00:00:00
db: BID, id: 74261, date: 2015-04-21T00:00:00
db: JVNDB, id: JVNDB-2015-002472, date: 2015-04-27T00:00:00
db: CNNVD, id: CNNVD-201504-438, date: 2015-04-22T00:00:00
db: NVD, id: CVE-2015-0704, date: 2024-11-21T02:23:34.197

SOURCES RELEASE DATE

db: VULHUB, id: VHN-78650, date: 2015-04-22T00:00:00
db: BID, id: 74261, date: 2015-04-21T00:00:00
db: JVNDB, id: JVNDB-2015-002472, date: 2015-04-27T00:00:00
db: CNNVD, id: CNNVD-201504-438, date: 2015-04-22T00:00:00
db: NVD, id: CVE-2015-0704, date: 2015-04-22T01:59:00.083