Details of VAR-201505-0183

ID

VAR-201505-0183

CVE

CVE-2015-0739

TITLE

Cisco Sourcefire 3D Runs on the sensor device FireSIGHT system Software LOM Any in the implementation of BMC File upload vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002729

DESCRIPTION

The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938. The Cisco Sourcefire 3D System Lights-Out Management is prone to an arbitrary file-upload vulnerability. An attacker may leverage this issue to upload arbitrary files to the affected device. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCus87938. Cisco FireSIGHT System Software on Sourcefire 3D Sensor devices is a management center based on 3D Sensor devices of Cisco (Cisco), which supports centralized management of network security and operation functions of Cisco ASA and Cisco FirePOWER network security devices using FirePOWER Services. Lights-Out Management (LOM) is one implementation that supports system administrators to monitor and manage servers remotely

Trust: 1.98

sources: NVD: CVE-2015-0739 // JVNDB: JVNDB-2015-002729 // BID: 74709 // VULHUB: VHN-78685

AFFECTED PRODUCTS

vendor:	cisco	model:	firesight system software	scope:	eq	version:	5.3.0	Trust: 2.4
vendor:	cisco	model:	sourcefire 3d1000 sensor	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	sourcefire 3d2000 sensor	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	sourcefire 3d2100 sensor	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	sourcefire 3d2500 sensor	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	sourcefire 3d3500 sensor	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	sourcefire 3d4500 sensor	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	sourcefire 3d500 sensor	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	sourcefire 3d6500 sensor	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	sourcefire 3d9900 sensor	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	sourcefire 3d system lights-out management	scope:	eq	version:	5.3	Trust: 0.3

sources: BID: 74709 // JVNDB: JVNDB-2015-002729 // CNNVD: CNNVD-201505-311 // NVD: CVE-2015-0739

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0739
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0739
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201505-311
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78685
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0739
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78685
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78685 // JVNDB: JVNDB-2015-002729 // CNNVD: CNNVD-201505-311 // NVD: CVE-2015-0739

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-78685 // JVNDB: JVNDB-2015-002729 // NVD: CVE-2015-0739

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-311

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201505-311

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002729

PATCH

title:	Sourcefire 3D Sensor	url:	http://www.cisco.com/c/en/us/support/security/sourcefire-3d-sensor/tsd-products-support-series-home.html	Trust: 0.8
title:	38905	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=38905	Trust: 0.8

sources: JVNDB: JVNDB-2015-002729

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0739	Trust: 2.8
db:	BID	id:	74709	Trust: 1.4
db:	SECTRACK	id:	1032359	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-002729	Trust: 0.8
db:	CNNVD	id:	CNNVD-201505-311	Trust: 0.7
db:	VULHUB	id:	VHN-78685	Trust: 0.1

sources: VULHUB: VHN-78685 // BID: 74709 // JVNDB: JVNDB-2015-002729 // CNNVD: CNNVD-201505-311 // NVD: CVE-2015-0739

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=38905	Trust: 1.7
url:	http://www.securityfocus.com/bid/74709	Trust: 1.1
url:	http://www.securitytracker.com/id/1032359	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0739	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0739	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=38905	Trust: 0.3

sources: VULHUB: VHN-78685 // BID: 74709 // JVNDB: JVNDB-2015-002729 // CNNVD: CNNVD-201505-311 // NVD: CVE-2015-0739

CREDITS

Cisco

Trust: 0.3

sources: BID: 74709

SOURCES

db:	VULHUB	id:	VHN-78685
db:	BID	id:	74709
db:	JVNDB	id:	JVNDB-2015-002729
db:	CNNVD	id:	CNNVD-201505-311
db:	NVD	id:	CVE-2015-0739

LAST UPDATE DATE

2024-11-23T21:44:17.819000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78685	date:	2017-01-06T00:00:00
db:	BID	id:	74709	date:	2015-05-18T00:00:00
db:	JVNDB	id:	JVNDB-2015-002729	date:	2015-05-20T00:00:00
db:	CNNVD	id:	CNNVD-201505-311	date:	2015-05-22T00:00:00
db:	NVD	id:	CVE-2015-0739	date:	2024-11-21T02:23:37.900

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78685	date:	2015-05-19T00:00:00
db:	BID	id:	74709	date:	2015-05-18T00:00:00
db:	JVNDB	id:	JVNDB-2015-002729	date:	2015-05-20T00:00:00
db:	CNNVD	id:	CNNVD-201505-311	date:	2015-05-19T00:00:00
db:	NVD	id:	CVE-2015-0739	date:	2015-05-19T02:00:18.917