Sign-up

ID

VAR-201505-0181


CVE

CVE-2015-0736


TITLE

Cisco MediaSense Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2015-002716

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Cisco MediaSense 10.5(1) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu16728. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuu16728. Cisco MediaSense is a set of network-based scalable recording platform of Cisco (Cisco). The platform can be used to record speech and video, etc

Trust: 1.98

sources: NVD: CVE-2015-0736 // JVNDB: JVNDB-2015-002716 // BID: 74671 // VULHUB: VHN-78682

AFFECTED PRODUCTS

vendor:ciscomodel:mediasensescope:eqversion:10.5\(1\)

Trust: 1.6

vendor:ciscomodel:mediasensescope:eqversion:10.0\(1\)

Trust: 1.6

vendor:ciscomodel:mediasensescope:eqversion:9.1\(1\)

Trust: 1.6

vendor:ciscomodel:mediasensescope:lteversion:10.5(1)

Trust: 0.8

sources: JVNDB: JVNDB-2015-002716 // CNNVD: CNNVD-201505-256 // NVD: CVE-2015-0736

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0736
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0736
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201505-256
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78682
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0736
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78682
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78682 // JVNDB: JVNDB-2015-002716 // CNNVD: CNNVD-201505-256 // NVD: CVE-2015-0736

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-78682 // JVNDB: JVNDB-2015-002716 // NVD: CVE-2015-0736

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-256

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201505-256

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002716

PATCH
title:38869url:http://tools.cisco.com/security/center/viewAlert.x?alertId=38869
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-002716

EXTERNAL IDS
db:NVDid:CVE-2015-0736
Trust: 2.8
db:SECTRACKid:1032336
Trust: 1.1
db:JVNDBid:JVNDB-2015-002716
Trust: 0.8
db:CNNVDid:CNNVD-201505-256
Trust: 0.7
db:BIDid:74671
Trust: 0.4
db:VULHUBid:VHN-78682
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78682 // 
            
            
            
            BID: 74671 // 
            
            
            
            JVNDB: JVNDB-2015-002716 // 
            
            
            
            CNNVD: CNNVD-201505-256 // 
            
            
            
            NVD: CVE-2015-0736

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=38869
Trust: 2.0
url:http://www.securitytracker.com/id/1032336
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0736
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0736
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78682 // 
            
            
            
            BID: 74671 // 
            
            
            
            JVNDB: JVNDB-2015-002716 // 
            
            
            
            CNNVD: CNNVD-201505-256 // 
            
            
            
            NVD: CVE-2015-0736

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 74671

SOURCES
db:VULHUBid:VHN-78682
db:BIDid:74671
db:JVNDBid:JVNDB-2015-002716
db:CNNVDid:CNNVD-201505-256
db:NVDid:CVE-2015-0736

LAST UPDATE DATE
2024-11-23T23:02:41.220000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78682date:2017-01-06T00:00:00
db:BIDid:74671date:2015-05-14T00:00:00
db:JVNDBid:JVNDB-2015-002716date:2015-05-19T00:00:00
db:CNNVDid:CNNVD-201505-256date:2015-05-18T00:00:00
db:NVDid:CVE-2015-0736date:2024-11-21T02:23:37.583

SOURCES RELEASE DATE
db:VULHUBid:VHN-78682date:2015-05-16T00:00:00
db:BIDid:74671date:2015-05-14T00:00:00
db:JVNDBid:JVNDB-2015-002716date:2015-05-19T00:00:00
db:CNNVDid:CNNVD-201505-256date:2015-05-18T00:00:00
db:NVDid:CVE-2015-0736date:2015-05-16T02:01:45.667