Details of VAR-201505-0131

ID

VAR-201505-0131

CVE

CVE-2015-0713

TITLE

plural Cisco TelePresence Product Web In the framework root Vulnerability to execute arbitrary commands with privileges

Trust: 0.8

sources: JVNDB: JVNDB-2015-002797

DESCRIPTION

The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855. plural Cisco TelePresence Product Web The framework includes root A vulnerability exists that allows arbitrary commands to be executed with privileges. Vendors have confirmed this vulnerability Bug ID CSCul55968 , CSCur08993 , CSCur15803 , CSCur15807 , CSCur15825 , CSCur15832 , CSCur15842 , CSCur15850 ,and CSCur15855 It is released as.By a remotely authenticated user root An arbitrary command may be executed with authority. Multiple Cisco TelePresence Products are prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input. This issue is being tracked by Cisco Bug IDs CSCur15855, CSCur15842, CSCul55968, CSCur15832, CSCur15825, CSCur15807, CSCur15850, CSCur15803, and CSCur08993. are all products of Cisco (Cisco)

Trust: 1.98

sources: NVD: CVE-2015-0713 // JVNDB: JVNDB-2015-002797 // BID: 74638 // VULHUB: VHN-78659

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence advanced media gateway	scope:	eq	version:	1.1\(.1.14\)	Trust: 1.6
vendor:	cisco	model:	telepresence serial gateway	scope:	eq	version:	1.0.1.23	Trust: 1.6
vendor:	cisco	model:	telepresence ip gateway	scope:	eq	version:	2.0.3.34	Trust: 1.6
vendor:	cisco	model:	telepresence ip gateway	scope:	eq	version:	2.0.1.7	Trust: 1.6
vendor:	cisco	model:	telepresence supervisor mse 8050 software	scope:	eq	version:	2.3\(1.32\)	Trust: 1.6
vendor:	cisco	model:	telepresence ip gateway	scope:	eq	version:	2.0.1.11	Trust: 1.6
vendor:	cisco	model:	telepresence supervisor mse 8050 software	scope:	eq	version:	2.2\(1.17\)	Trust: 1.6
vendor:	cisco	model:	telepresence advanced media gateway	scope:	eq	version:	1.1\(1.34\)	Trust: 1.6
vendor:	cisco	model:	telepresence ip vcr 2.4	scope:	eq	version:	1.2	Trust: 1.6
vendor:	cisco	model:	telepresence isdn gw 3241	scope:	eq	version:	2.1\(1.56\)	Trust: 1.6
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	2.3\(1.55\)	Trust: 1.0
vendor:	cisco	model:	telepresence advanced media gateway	scope:	eq	version:	1.0\(.1.13\)	Trust: 1.0
vendor:	cisco	model:	telepresence serial gateway	scope:	eq	version:	1.0.1.38	Trust: 1.0
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	4.0\(1.57\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu software	scope:	eq	version:	4.1\(1.59\)	Trust: 1.0
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	4.0\(2.8\)	Trust: 1.0
vendor:	cisco	model:	telepresence isdn gw 3241	scope:	eq	version:	2.0\(1.51\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu software	scope:	eq	version:	4.2\(1.43\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu software	scope:	eq	version:	4.2\(1.46\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu software	scope:	eq	version:	4.3\(2.18\)	Trust: 1.0
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	2.2\(1.43\)	Trust: 1.0
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	2.1\(1.33\)	Trust: 1.0
vendor:	cisco	model:	telepresence serial gateway	scope:	eq	version:	1.0.1.34	Trust: 1.0
vendor:	cisco	model:	telepresence ip vcr 1.0 converter	scope:	eq	version:	1.0\(1.9\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu software	scope:	eq	version:	4.2\(1.50\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu software	scope:	eq	version:	4.3\(1.68\)	Trust: 1.0
vendor:	cisco	model:	telepresence isdn gw 3241	scope:	eq	version:	2.1\(1.43\)	Trust: 1.0
vendor:	cisco	model:	telepresence isdn gw 3241	scope:	eq	version:	2.1\(1.22\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu software	scope:	eq	version:	4.4\(3.49\)	Trust: 1.0
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	2.2\(1.48\)	Trust: 1.0
vendor:	cisco	model:	telepresence isdn gw 3241	scope:	eq	version:	2.1\(1.49\)	Trust: 1.0
vendor:	cisco	model:	telepresence supervisor mse 8050 software	scope:	eq	version:	2.1\(1.18\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu software	scope:	eq	version:	4.3\(2.32\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu software	scope:	eq	version:	4.3\(2.30\)	Trust: 1.0
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	2.3\(1.57\)	Trust: 1.0
vendor:	cisco	model:	telepresence mcu software	scope:	eq	version:	4.1\(1.51\)	Trust: 1.0
vendor:	cisco	model:	telepresence ip vcr 3.0	scope:	eq	version:	1.24	Trust: 1.0
vendor:	cisco	model:	telepresence mcu software	scope:	eq	version:	4.4\(3.42\)	Trust: 1.0
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	2.1\(1.37\)	Trust: 1.0
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	2.2\(1.54\)	Trust: 1.0
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	3.0\(2.24\)	Trust: 1.0
vendor:	cisco	model:	telepresence ip vcr 3.0	scope:	eq	version:	1.22	Trust: 1.0
vendor:	cisco	model:	telepresence mcu software	scope:	lt	version:	4.5	Trust: 0.8
vendor:	cisco	model:	telepresence ip gateway series software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence mcu software	scope:	eq	version:	4.5(1.45)	Trust: 0.8

sources: JVNDB: JVNDB-2015-002797 // CNNVD: CNNVD-201505-238 // NVD: CVE-2015-0713

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0713
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-0713
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201505-238
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-78659
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-0713
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78659
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78659 // JVNDB: JVNDB-2015-002797 // CNNVD: CNNVD-201505-238 // NVD: CVE-2015-0713

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-78659 // JVNDB: JVNDB-2015-002797 // NVD: CVE-2015-0713

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-238

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201505-238

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002797

PATCH

title:	cisco-sa-20150513-tp	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp	Trust: 0.8
title:	38717	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=38717	Trust: 0.8
title:	cisco-sa-20150513-tp	url:	http://www.cisco.com/cisco/web/support/JP/112/1129/1129380_cisco-sa-20150513-tp-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2015-002797

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0713	Trust: 2.8
db:	JVNDB	id:	JVNDB-2015-002797	Trust: 0.8
db:	CNNVD	id:	CNNVD-201505-238	Trust: 0.7
db:	SECUNIA	id:	64498	Trust: 0.6
db:	BID	id:	74638	Trust: 0.4
db:	VULHUB	id:	VHN-78659	Trust: 0.1

sources: VULHUB: VHN-78659 // BID: 74638 // JVNDB: JVNDB-2015-002797 // CNNVD: CNNVD-201505-238 // NVD: CVE-2015-0713

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150513-tp	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0713	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0713	Trust: 0.8
url:	http://secunia.com/advisories/64498	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=38717	Trust: 0.3

sources: VULHUB: VHN-78659 // BID: 74638 // JVNDB: JVNDB-2015-002797 // CNNVD: CNNVD-201505-238 // NVD: CVE-2015-0713

CREDITS

Cisco

Trust: 0.3

sources: BID: 74638

SOURCES

db:	VULHUB	id:	VHN-78659
db:	BID	id:	74638
db:	JVNDB	id:	JVNDB-2015-002797
db:	CNNVD	id:	CNNVD-201505-238
db:	NVD	id:	CVE-2015-0713

LAST UPDATE DATE

2024-11-23T22:22:55.126000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78659	date:	2015-05-26T00:00:00
db:	BID	id:	74638	date:	2015-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-002797	date:	2015-05-27T00:00:00
db:	CNNVD	id:	CNNVD-201505-238	date:	2015-05-25T00:00:00
db:	NVD	id:	CVE-2015-0713	date:	2024-11-21T02:23:35.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78659	date:	2015-05-25T00:00:00
db:	BID	id:	74638	date:	2015-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-002797	date:	2015-05-27T00:00:00
db:	CNNVD	id:	CNNVD-201505-238	date:	2015-05-15T00:00:00
db:	NVD	id:	CVE-2015-0713	date:	2015-05-25T00:59:01.357