Details of VAR-201505-0135

ID

VAR-201505-0135

CVE

CVE-2015-0717

TITLE

Cisco Unified Communications Manager Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2015-002718

DESCRIPTION

Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546. Cisco Unified Communications Manager Contains a privileged vulnerability. Local attackers can exploit this issue to gain root privileges. Successful exploits will result in the complete compromise of affected computers. This issue is being tracked by Cisco Bug ID CSCut19546. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. A security vulnerability exists in CUCM version 10.0 (1.10000.12), which is caused by the program not adequately filtering user-submitted input

Trust: 1.98

sources: NVD: CVE-2015-0717 // JVNDB: JVNDB-2015-002718 // BID: 74579 // VULHUB: VHN-78663

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.0\(1.10000.12\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.0(1.10000.12)	Trust: 1.1

sources: BID: 74579 // JVNDB: JVNDB-2015-002718 // CNNVD: CNNVD-201505-084 // NVD: CVE-2015-0717

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0717
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0717
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201505-084
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78663
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0717
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2015-0717
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-78663
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78663 // JVNDB: JVNDB-2015-002718 // CNNVD: CNNVD-201505-084 // NVD: CVE-2015-0717

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-264	Trust: 1.1

sources: VULHUB: VHN-78663 // JVNDB: JVNDB-2015-002718 // NVD: CVE-2015-0717

THREAT TYPE

local

Trust: 0.9

sources: BID: 74579 // CNNVD: CNNVD-201505-084

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201505-084

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002718

PATCH

title:

38763

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=38763

Trust: 0.8

sources: JVNDB: JVNDB-2015-002718

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0717	Trust: 2.8
db:	SECTRACK	id:	1032278	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-002718	Trust: 0.8
db:	SECUNIA	id:	64470	Trust: 0.6
db:	CNNVD	id:	CNNVD-201505-084	Trust: 0.6
db:	BID	id:	74579	Trust: 0.4
db:	VULHUB	id:	VHN-78663	Trust: 0.1

sources: VULHUB: VHN-78663 // BID: 74579 // JVNDB: JVNDB-2015-002718 // CNNVD: CNNVD-201505-084 // NVD: CVE-2015-0717

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=38763	Trust: 2.0
url:	http://www.securitytracker.com/id/1032278	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0717	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0717	Trust: 0.8
url:	http://secunia.com/advisories/64470	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html	Trust: 0.3

sources: VULHUB: VHN-78663 // BID: 74579 // JVNDB: JVNDB-2015-002718 // CNNVD: CNNVD-201505-084 // NVD: CVE-2015-0717

CREDITS

Cisco

Trust: 0.3

sources: BID: 74579

SOURCES

db:	VULHUB	id:	VHN-78663
db:	BID	id:	74579
db:	JVNDB	id:	JVNDB-2015-002718
db:	CNNVD	id:	CNNVD-201505-084
db:	NVD	id:	CVE-2015-0717

LAST UPDATE DATE

2024-11-23T23:09:15.541000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78663	date:	2017-01-06T00:00:00
db:	BID	id:	74579	date:	2015-05-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-002718	date:	2015-05-20T00:00:00
db:	CNNVD	id:	CNNVD-201505-084	date:	2015-05-18T00:00:00
db:	NVD	id:	CVE-2015-0717	date:	2024-11-21T02:23:35.633

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78663	date:	2015-05-16T00:00:00
db:	BID	id:	74579	date:	2015-05-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-002718	date:	2015-05-20T00:00:00
db:	CNNVD	id:	CNNVD-201505-084	date:	2015-05-12T00:00:00
db:	NVD	id:	CVE-2015-0717	date:	2015-05-16T14:59:00.063