Sign-up

ID

VAR-201505-0199


CVE

CVE-2015-0757


TITLE

Cisco Identity Services Engine of Web Vulnerabilities that capture important information in the framework

Trust: 0.8

sources: JVNDB: JVNDB-2015-002874

DESCRIPTION

The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140. Vendors have confirmed this vulnerability Bug ID CSCuq23140 It is released as.By a third party Web By reading the page, important information may be obtained. Cisco Identity Services Engine Software is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information stored on an affected device. This may lead to further attacks. This issue being tracked by Cisco Bug ID CSCuq23140. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

Trust: 1.98

sources: NVD: CVE-2015-0757 // JVNDB: JVNDB-2015-002874 // BID: 74864 // VULHUB: VHN-78703

AFFECTED PRODUCTS

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.3\(0.722\)

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.2\(1.901\)

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.3(0.722)

Trust: 1.1

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.2(1.901)

Trust: 1.1

vendor:ciscomodel:identity services enginescope: - version: -

Trust: 0.8

sources: BID: 74864 // JVNDB: JVNDB-2015-002874 // CNNVD: CNNVD-201505-583 // NVD: CVE-2015-0757

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0757
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0757
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201505-583
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78703
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0757
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78703
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78703 // JVNDB: JVNDB-2015-002874 // CNNVD: CNNVD-201505-583 // NVD: CVE-2015-0757

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-78703 // JVNDB: JVNDB-2015-002874 // NVD: CVE-2015-0757

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-583

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201505-583

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002874

PATCH
title:39042url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39042
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-002874

EXTERNAL IDS
db:NVDid:CVE-2015-0757
Trust: 2.8
db:BIDid:74864
Trust: 1.4
db:SECTRACKid:1032420
Trust: 1.1
db:JVNDBid:JVNDB-2015-002874
Trust: 0.8
db:CNNVDid:CNNVD-201505-583
Trust: 0.7
db:SECUNIAid:64602
Trust: 0.6
db:VULHUBid:VHN-78703
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78703 // 
            
            
            
            BID: 74864 // 
            
            
            
            JVNDB: JVNDB-2015-002874 // 
            
            
            
            CNNVD: CNNVD-201505-583 // 
            
            
            
            NVD: CVE-2015-0757

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39042
Trust: 2.0
url:http://www.securityfocus.com/bid/74864
Trust: 1.1
url:http://www.securitytracker.com/id/1032420
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0757
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0757
Trust: 0.8
url:http://secunia.com/advisories/64602
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps11640/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78703 // 
            
            
            
            BID: 74864 // 
            
            
            
            JVNDB: JVNDB-2015-002874 // 
            
            
            
            CNNVD: CNNVD-201505-583 // 
            
            
            
            NVD: CVE-2015-0757

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 74864

SOURCES
db:VULHUBid:VHN-78703
db:BIDid:74864
db:JVNDBid:JVNDB-2015-002874
db:CNNVDid:CNNVD-201505-583
db:NVDid:CVE-2015-0757

LAST UPDATE DATE
2024-11-23T22:31:09.293000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78703date:2017-03-24T00:00:00
db:BIDid:74864date:2017-03-23T01:01:00
db:JVNDBid:JVNDB-2015-002874date:2015-06-03T00:00:00
db:CNNVDid:CNNVD-201505-583date:2015-06-01T00:00:00
db:NVDid:CVE-2015-0757date:2024-11-21T02:23:39.743

SOURCES RELEASE DATE
db:VULHUBid:VHN-78703date:2015-05-29T00:00:00
db:BIDid:74864date:2015-05-27T00:00:00
db:JVNDBid:JVNDB-2015-002874date:2015-06-03T00:00:00
db:CNNVDid:CNNVD-201505-583date:2015-05-29T00:00:00
db:NVDid:CVE-2015-0757date:2015-05-29T15:59:11.170