Sign-up

ID

VAR-201506-0156


CVE

CVE-2015-0764


TITLE

Cisco Unified MeetingPlace Vulnerable to reading arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2015-002943

DESCRIPTION

Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603. An attacker can exploit this issue to download arbitrary files. Information obtained may aid in further attacks. This issue being tracked by Cisco Bug ID CSCus95603. This solution provides a user environment that integrates voice, video and Web conferencing

Trust: 1.98

sources: NVD: CVE-2015-0764 // JVNDB: JVNDB-2015-002943 // BID: 74967 // VULHUB: VHN-78710

AFFECTED PRODUCTS

vendor:ciscomodel:unified meetingplacescope:eqversion:8.6\(1.9\)

Trust: 1.6

vendor:ciscomodel:unified meetingplacescope:eqversion:8.6(1.9)

Trust: 1.1

sources: BID: 74967 // JVNDB: JVNDB-2015-002943 // CNNVD: CNNVD-201506-053 // NVD: CVE-2015-0764

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0764
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0764
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201506-053
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78710
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0764
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78710
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78710 // JVNDB: JVNDB-2015-002943 // CNNVD: CNNVD-201506-053 // NVD: CVE-2015-0764

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-78710 // JVNDB: JVNDB-2015-002943 // NVD: CVE-2015-0764

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-053

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201506-053

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002943

PATCH
title:39163url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39163
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-002943

EXTERNAL IDS
db:NVDid:CVE-2015-0764
Trust: 2.8
db:SECTRACKid:1032481
Trust: 1.1
db:JVNDBid:JVNDB-2015-002943
Trust: 0.8
db:CNNVDid:CNNVD-201506-053
Trust: 0.6
db:BIDid:74967
Trust: 0.4
db:VULHUBid:VHN-78710
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78710 // 
            
            
            
            BID: 74967 // 
            
            
            
            JVNDB: JVNDB-2015-002943 // 
            
            
            
            CNNVD: CNNVD-201506-053 // 
            
            
            
            NVD: CVE-2015-0764

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39163
Trust: 2.0
url:http://www.securitytracker.com/id/1032481
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0764
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0764
Trust: 0.8
url:http://www.cisco.com/en/us/products/sw/ps5664/ps5669/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78710 // 
            
            
            
            BID: 74967 // 
            
            
            
            JVNDB: JVNDB-2015-002943 // 
            
            
            
            CNNVD: CNNVD-201506-053 // 
            
            
            
            NVD: CVE-2015-0764

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 74967

SOURCES
db:VULHUBid:VHN-78710
db:BIDid:74967
db:JVNDBid:JVNDB-2015-002943
db:CNNVDid:CNNVD-201506-053
db:NVDid:CVE-2015-0764

LAST UPDATE DATE
2024-11-23T21:44:09.663000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78710date:2017-01-04T00:00:00
db:BIDid:74967date:2015-06-03T00:00:00
db:JVNDBid:JVNDB-2015-002943date:2015-06-05T00:00:00
db:CNNVDid:CNNVD-201506-053date:2015-06-10T00:00:00
db:NVDid:CVE-2015-0764date:2024-11-21T02:23:40.520

SOURCES RELEASE DATE
db:VULHUBid:VHN-78710date:2015-06-04T00:00:00
db:BIDid:74967date:2015-06-03T00:00:00
db:JVNDBid:JVNDB-2015-002943date:2015-06-05T00:00:00
db:CNNVDid:CNNVD-201506-053date:2015-06-05T00:00:00
db:NVDid:CVE-2015-0764date:2015-06-04T10:59:04.833