Sign-up

ID

VAR-201505-0184


CVE

CVE-2015-0740


TITLE

Cisco Unified Intelligence Center Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2015-002743

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826. Vendors have confirmed this vulnerability Bug ID CSCus28826 It is released as.A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCus28826. The platform provides functions such as report-related business data and comprehensive display of call center data

Trust: 2.07

sources: NVD: CVE-2015-0740 // JVNDB: JVNDB-2015-002743 // BID: 74732 // VULHUB: VHN-78686 // VULMON: CVE-2015-0740

AFFECTED PRODUCTS

vendor:ciscomodel:unified intelligence centerscope:eqversion:10.6\(1\)

Trust: 1.6

vendor:ciscomodel:unified intelligence centerscope:eqversion:10.6(1)

Trust: 0.8

sources: JVNDB: JVNDB-2015-002743 // CNNVD: CNNVD-201505-406 // NVD: CVE-2015-0740

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0740
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0740
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201505-406
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78686
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-0740
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0740
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-78686
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78686 // VULMON: CVE-2015-0740 // JVNDB: JVNDB-2015-002743 // CNNVD: CNNVD-201505-406 // NVD: CVE-2015-0740

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-78686 // JVNDB: JVNDB-2015-002743 // NVD: CVE-2015-0740

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-406

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201505-406

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002743

PATCH
title:38913url:http://tools.cisco.com/security/center/viewAlert.x?alertId=38913
Trust: 0.8
title:Cisco: Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20150519-CVE-2015-0740
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-0740 // 
            
            
            
            JVNDB: JVNDB-2015-002743

EXTERNAL IDS
db:NVDid:CVE-2015-0740
Trust: 2.9
db:BIDid:74732
Trust: 1.5
db:SECTRACKid:1032367
Trust: 1.2
db:JVNDBid:JVNDB-2015-002743
Trust: 0.8
db:CNNVDid:CNNVD-201505-406
Trust: 0.7
db:VULHUBid:VHN-78686
Trust: 0.1
db:VULMONid:CVE-2015-0740
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78686 // 
            
            
            
            VULMON: CVE-2015-0740 // 
            
            
            
            BID: 74732 // 
            
            
            
            JVNDB: JVNDB-2015-002743 // 
            
            
            
            CNNVD: CNNVD-201505-406 // 
            
            
            
            NVD: CVE-2015-0740

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=38913
Trust: 1.8
url:http://www.securityfocus.com/bid/74732
Trust: 1.2
url:http://www.securitytracker.com/id/1032367
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0740
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0740
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/352.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150519-cve-2015-0740
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78686 // 
            
            
            
            VULMON: CVE-2015-0740 // 
            
            
            
            BID: 74732 // 
            
            
            
            JVNDB: JVNDB-2015-002743 // 
            
            
            
            CNNVD: CNNVD-201505-406 // 
            
            
            
            NVD: CVE-2015-0740

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 74732

SOURCES
db:VULHUBid:VHN-78686
db:VULMONid:CVE-2015-0740
db:BIDid:74732
db:JVNDBid:JVNDB-2015-002743
db:CNNVDid:CNNVD-201505-406
db:NVDid:CVE-2015-0740

LAST UPDATE DATE
2024-11-23T22:56:25.614000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78686date:2017-01-06T00:00:00
db:VULMONid:CVE-2015-0740date:2017-01-06T00:00:00
db:BIDid:74732date:2015-05-19T00:00:00
db:JVNDBid:JVNDB-2015-002743date:2015-05-21T00:00:00
db:CNNVDid:CNNVD-201505-406date:2015-05-20T00:00:00
db:NVDid:CVE-2015-0740date:2024-11-21T02:23:38.010

SOURCES RELEASE DATE
db:VULHUBid:VHN-78686date:2015-05-20T00:00:00
db:VULMONid:CVE-2015-0740date:2015-05-20T00:00:00
db:BIDid:74732date:2015-05-19T00:00:00
db:JVNDBid:JVNDB-2015-002743date:2015-05-21T00:00:00
db:CNNVDid:CNNVD-201505-406date:2015-05-20T00:00:00
db:NVDid:CVE-2015-0740date:2015-05-20T00:59:00.077