Sign-up

ID

VAR-201505-0180


CVE

CVE-2015-0735


TITLE

Cisco Unified Customer Voice Portal Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2015-002713

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal (CVP) 10.5(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut93970. Vendors have confirmed this vulnerability Bug ID CSCut93970 It is released as.A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCut93970

Trust: 1.98

sources: NVD: CVE-2015-0735 // JVNDB: JVNDB-2015-002713 // BID: 73697 // VULHUB: VHN-78681

AFFECTED PRODUCTS

vendor:ciscomodel:unified customer voice portalscope:eqversion:10.5\(1\)

Trust: 1.6

vendor:ciscomodel:unified customer voice portalscope:eqversion:10.5(1)

Trust: 1.1

sources: BID: 73697 // JVNDB: JVNDB-2015-002713 // CNNVD: CNNVD-201505-260 // NVD: CVE-2015-0735

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0735
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0735
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201505-260
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78681
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0735
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78681
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78681 // JVNDB: JVNDB-2015-002713 // CNNVD: CNNVD-201505-260 // NVD: CVE-2015-0735

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-78681 // JVNDB: JVNDB-2015-002713 // NVD: CVE-2015-0735

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-260

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201505-260

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002713

PATCH
title:38868url:http://tools.cisco.com/security/center/viewAlert.x?alertId=38868
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-002713

EXTERNAL IDS
db:NVDid:CVE-2015-0735
Trust: 2.8
db:SECTRACKid:1032340
Trust: 1.1
db:JVNDBid:JVNDB-2015-002713
Trust: 0.8
db:CNNVDid:CNNVD-201505-260
Trust: 0.6
db:BIDid:73697
Trust: 0.4
db:VULHUBid:VHN-78681
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78681 // 
            
            
            
            BID: 73697 // 
            
            
            
            JVNDB: JVNDB-2015-002713 // 
            
            
            
            CNNVD: CNNVD-201505-260 // 
            
            
            
            NVD: CVE-2015-0735

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=38868
Trust: 2.0
url:http://www.securitytracker.com/id/1032340
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0735
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0735
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/sw/custcosw/ps1006/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78681 // 
            
            
            
            BID: 73697 // 
            
            
            
            JVNDB: JVNDB-2015-002713 // 
            
            
            
            CNNVD: CNNVD-201505-260 // 
            
            
            
            NVD: CVE-2015-0735

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 73697

SOURCES
db:VULHUBid:VHN-78681
db:BIDid:73697
db:JVNDBid:JVNDB-2015-002713
db:CNNVDid:CNNVD-201505-260
db:NVDid:CVE-2015-0735

LAST UPDATE DATE
2024-11-23T22:59:36.431000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78681date:2017-01-06T00:00:00
db:BIDid:73697date:2015-05-15T00:00:00
db:JVNDBid:JVNDB-2015-002713date:2015-05-19T00:00:00
db:CNNVDid:CNNVD-201505-260date:2015-05-18T00:00:00
db:NVDid:CVE-2015-0735date:2024-11-21T02:23:37.480

SOURCES RELEASE DATE
db:VULHUBid:VHN-78681date:2015-05-17T00:00:00
db:BIDid:73697date:2015-05-15T00:00:00
db:JVNDBid:JVNDB-2015-002713date:2015-05-19T00:00:00
db:CNNVDid:CNNVD-201505-260date:2015-05-18T00:00:00
db:NVDid:CVE-2015-0735date:2015-05-17T01:59:01.237