Details of VAR-201504-0285

ID

VAR-201504-0285

CVE

CVE-2015-0706

TITLE

Cisco FireSIGHT system Software open redirect vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002474

DESCRIPTION

Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966. Cisco FireSIGHT system The software contains an open redirect vulnerability. Vendors have confirmed this vulnerability Bug ID CSCut06060 , CSCut06056 ,and CSCus98966 It is released as. Supplementary information : CWE Vulnerability type by CWE-601: URL Redirection to Untrusted Site ( Open redirect ) Has been identified. Cisco FireSIGHT System Software is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. Other attacks are possible. This issue is being tracked by Cisco Bug IDs CSCut06060, CSCut06056, and CSCus98966. Cisco FireSIGHT System Software on Sourcefire 3D Sensor devices is a management center based on 3D Sensor devices of Cisco (Cisco), which supports centralized management of network security and operation functions of Cisco ASA and Cisco FirePOWER network security devices using FirePOWER Services. Lights-Out Management (LOM) is one implementation that supports system administrators to monitor and manage servers remotely. The following versions are affected: Cisco FireSIGHT System Software Release 5.3.1.1, Release 5.3.1.2, Release 6.0.0

Trust: 2.07

sources: NVD: CVE-2015-0706 // JVNDB: JVNDB-2015-002474 // BID: 74286 // VULHUB: VHN-78652 // VULMON: CVE-2015-0706

AFFECTED PRODUCTS

vendor:	cisco	model:	firesight system software	scope:	eq	version:	6.0.0	Trust: 2.7
vendor:	cisco	model:	firesight system software	scope:	eq	version:	5.3.1.2	Trust: 2.7
vendor:	cisco	model:	firesight system software	scope:	eq	version:	5.3.1.1	Trust: 2.7

sources: BID: 74286 // JVNDB: JVNDB-2015-002474 // CNNVD: CNNVD-201504-444 // NVD: CVE-2015-0706

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0706
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0706
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201504-444
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78652
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-0706
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0706
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-78652
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78652 // VULMON: CVE-2015-0706 // JVNDB: JVNDB-2015-002474 // CNNVD: CNNVD-201504-444 // NVD: CVE-2015-0706

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2015-002474 // NVD: CVE-2015-0706

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-444

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 74286

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002474

PATCH

title:

38486

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=38486

Trust: 0.8

sources: JVNDB: JVNDB-2015-002474

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0706	Trust: 2.9
db:	JVNDB	id:	JVNDB-2015-002474	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-444	Trust: 0.7
db:	BID	id:	74286	Trust: 0.4
db:	VULHUB	id:	VHN-78652	Trust: 0.1
db:	VULMON	id:	CVE-2015-0706	Trust: 0.1

sources: VULHUB: VHN-78652 // VULMON: CVE-2015-0706 // BID: 74286 // JVNDB: JVNDB-2015-002474 // CNNVD: CNNVD-201504-444 // NVD: CVE-2015-0706

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=38486	Trust: 2.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0706	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0706	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-78652 // VULMON: CVE-2015-0706 // BID: 74286 // JVNDB: JVNDB-2015-002474 // CNNVD: CNNVD-201504-444 // NVD: CVE-2015-0706

CREDITS

Cisco

Trust: 0.3

sources: BID: 74286

SOURCES

db:	VULHUB	id:	VHN-78652
db:	VULMON	id:	CVE-2015-0706
db:	BID	id:	74286
db:	JVNDB	id:	JVNDB-2015-002474
db:	CNNVD	id:	CNNVD-201504-444
db:	NVD	id:	CVE-2015-0706

LAST UPDATE DATE

2024-11-23T23:02:41.338000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78652	date:	2015-04-23T00:00:00
db:	VULMON	id:	CVE-2015-0706	date:	2015-04-23T00:00:00
db:	BID	id:	74286	date:	2015-04-22T00:00:00
db:	JVNDB	id:	JVNDB-2015-002474	date:	2015-04-27T00:00:00
db:	CNNVD	id:	CNNVD-201504-444	date:	2015-04-23T00:00:00
db:	NVD	id:	CVE-2015-0706	date:	2024-11-21T02:23:34.430

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78652	date:	2015-04-23T00:00:00
db:	VULMON	id:	CVE-2015-0706	date:	2015-04-23T00:00:00
db:	BID	id:	74286	date:	2015-04-22T00:00:00
db:	JVNDB	id:	JVNDB-2015-002474	date:	2015-04-27T00:00:00
db:	CNNVD	id:	CNNVD-201504-444	date:	2015-04-23T00:00:00
db:	NVD	id:	CVE-2015-0706	date:	2015-04-23T02:00:16.257