Sign-up

ID

VAR-201505-0185


CVE

CVE-2015-0741


TITLE

Cisco Prime Central for Hosted Collaboration Solution Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2015-002768

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596. Vendors have confirmed this vulnerability Bug ID CSCut04596 It is released as.A third party may be able to hijack the authentication of any user. Exploiting these issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected user. Other attacks are also possible. These issues are being tracked by Cisco bug ID's CSCut04596, CSCuw95626 and CSCva27600. The platform provides functions such as secure access authentication and real-time fault analysis

Trust: 1.98

sources: NVD: CVE-2015-0741 // JVNDB: JVNDB-2015-002768 // BID: 74754 // VULHUB: VHN-78687

AFFECTED PRODUCTS

vendor:ciscomodel:hosted collaboration solutionscope:lteversion:10.6\(1\)

Trust: 1.0

vendor:ciscomodel:prime central for hosted collaboration solutionscope:lteversion:10.6(1)

Trust: 0.8

vendor:ciscomodel:hosted collaboration solutionscope:eqversion:10.6\(1\)

Trust: 0.6

sources: JVNDB: JVNDB-2015-002768 // CNNVD: CNNVD-201505-457 // NVD: CVE-2015-0741

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0741
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0741
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201505-457
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78687
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0741
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78687
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78687 // JVNDB: JVNDB-2015-002768 // CNNVD: CNNVD-201505-457 // NVD: CVE-2015-0741

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-78687 // JVNDB: JVNDB-2015-002768 // NVD: CVE-2015-0741

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-457

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201505-457

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002768

PATCH
title:38927url:http://tools.cisco.com/security/center/viewAlert.x?alertId=38927
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-002768

EXTERNAL IDS
db:NVDid:CVE-2015-0741
Trust: 2.8
db:BIDid:74754
Trust: 1.4
db:SECTRACKid:1032380
Trust: 1.1
db:JVNDBid:JVNDB-2015-002768
Trust: 0.8
db:CNNVDid:CNNVD-201505-457
Trust: 0.7
db:SECUNIAid:64618
Trust: 0.6
db:VULHUBid:VHN-78687
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78687 // 
            
            
            
            BID: 74754 // 
            
            
            
            JVNDB: JVNDB-2015-002768 // 
            
            
            
            CNNVD: CNNVD-201505-457 // 
            
            
            
            NVD: CVE-2015-0741

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=38927
Trust: 1.7
url:http://www.securityfocus.com/bid/74754
Trust: 1.1
url:http://www.securitytracker.com/id/1032380
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0741
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0741
Trust: 0.8
url:http://secunia.com/advisories/64618
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78687 // 
            
            
            
            BID: 74754 // 
            
            
            
            JVNDB: JVNDB-2015-002768 // 
            
            
            
            CNNVD: CNNVD-201505-457 // 
            
            
            
            NVD: CVE-2015-0741

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 74754

SOURCES
db:VULHUBid:VHN-78687
db:BIDid:74754
db:JVNDBid:JVNDB-2015-002768
db:CNNVDid:CNNVD-201505-457
db:NVDid:CVE-2015-0741

LAST UPDATE DATE
2024-11-23T23:05:39.361000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78687date:2017-01-06T00:00:00
db:BIDid:74754date:2016-07-06T15:10:00
db:JVNDBid:JVNDB-2015-002768date:2015-05-22T00:00:00
db:CNNVDid:CNNVD-201505-457date:2015-05-22T00:00:00
db:NVDid:CVE-2015-0741date:2024-11-21T02:23:38.117

SOURCES RELEASE DATE
db:VULHUBid:VHN-78687date:2015-05-21T00:00:00
db:BIDid:74754date:2015-05-20T00:00:00
db:JVNDBid:JVNDB-2015-002768date:2015-05-22T00:00:00
db:CNNVDid:CNNVD-201505-457date:2015-05-22T00:00:00
db:NVDid:CVE-2015-0741date:2015-05-21T10:59:00.067