Sign-up

ID

VAR-201506-0160


CVE

CVE-2015-0768


TITLE

Cisco Prime Network Control System of Device Work Center Vulnerabilities that prevent access restrictions on components

Trust: 0.8

sources: JVNDB: JVNDB-2015-003072

DESCRIPTION

The Device Work Center (DWC) component in Cisco Prime Network Control System (NCS) 2.1(0.0.85), 2.2(0.0.58), and 2.2(0.0.69) does not properly implement AAA roles, which allows remote authenticated users to bypass intended access restrictions and execute commands via a login session, aka Bug ID CSCur27371. Cisco Prime Network Control System is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. This issue is being tracked by Cisco bug ID CSCur27371. Device Work Center (DWC) is one of the monitoring and fault diagnosis components. The following releases are affected: Cisco Prime NCS Release 2.1(0.0.85), Release 2.2(0.0.58), Release 2.2(0.0.69)

Trust: 1.98

sources: NVD: CVE-2015-0768 // JVNDB: JVNDB-2015-003072 // BID: 75096 // VULHUB: VHN-78714

AFFECTED PRODUCTS

vendor:ciscomodel:prime network control systemscope:eqversion:2.1\(0.0.85\)

Trust: 1.6

vendor:ciscomodel:prime network control systemscope:eqversion:2.2\(0.0.58\)

Trust: 1.6

vendor:ciscomodel:prime network control systemscope:eqversion:2.2\(0.0.69\)

Trust: 1.6

vendor:ciscomodel:prime network control system softwarescope:eqversion:2.1(0.0.85)

Trust: 0.8

vendor:ciscomodel:prime network control system softwarescope:eqversion:2.2(0.0.58)

Trust: 0.8

vendor:ciscomodel:prime network control system softwarescope:eqversion:2.2(0.0.69)

Trust: 0.8

vendor:ciscomodel:prime network control systemscope:eqversion:2.2(0.0.69)

Trust: 0.3

vendor:ciscomodel:prime network control systemscope:eqversion:2.2(0.0.58)

Trust: 0.3

vendor:ciscomodel:prime network control systemscope:eqversion:2.1(0.0.85)

Trust: 0.3

sources: BID: 75096 // JVNDB: JVNDB-2015-003072 // CNNVD: CNNVD-201506-237 // NVD: CVE-2015-0768

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0768
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0768
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201506-237
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78714
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0768
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78714
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78714 // JVNDB: JVNDB-2015-003072 // CNNVD: CNNVD-201506-237 // NVD: CVE-2015-0768

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-78714 // JVNDB: JVNDB-2015-003072 // NVD: CVE-2015-0768

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-237

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201506-237

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003072

PATCH
title:39192url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39192
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003072

EXTERNAL IDS
db:NVDid:CVE-2015-0768
Trust: 2.8
db:SECTRACKid:1032541
Trust: 1.1
db:JVNDBid:JVNDB-2015-003072
Trust: 0.8
db:CNNVDid:CNNVD-201506-237
Trust: 0.7
db:BIDid:75096
Trust: 0.4
db:VULHUBid:VHN-78714
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78714 // 
            
            
            
            BID: 75096 // 
            
            
            
            JVNDB: JVNDB-2015-003072 // 
            
            
            
            CNNVD: CNNVD-201506-237 // 
            
            
            
            NVD: CVE-2015-0768

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39192
Trust: 2.0
url:http://www.securitytracker.com/id/1032541
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0768
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0768
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78714 // 
            
            
            
            BID: 75096 // 
            
            
            
            JVNDB: JVNDB-2015-003072 // 
            
            
            
            CNNVD: CNNVD-201506-237 // 
            
            
            
            NVD: CVE-2015-0768

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 75096

SOURCES
db:VULHUBid:VHN-78714
db:BIDid:75096
db:JVNDBid:JVNDB-2015-003072
db:CNNVDid:CNNVD-201506-237
db:NVDid:CVE-2015-0768

LAST UPDATE DATE
2024-11-23T23:05:39.096000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78714date:2017-01-04T00:00:00
db:BIDid:75096date:2015-06-09T00:00:00
db:JVNDBid:JVNDB-2015-003072date:2015-06-16T00:00:00
db:CNNVDid:CNNVD-201506-237date:2015-06-18T00:00:00
db:NVDid:CVE-2015-0768date:2024-11-21T02:23:40.957

SOURCES RELEASE DATE
db:VULHUBid:VHN-78714date:2015-06-12T00:00:00
db:BIDid:75096date:2015-06-09T00:00:00
db:JVNDBid:JVNDB-2015-003072date:2015-06-16T00:00:00
db:CNNVDid:CNNVD-201506-237date:2015-06-15T00:00:00
db:NVDid:CVE-2015-0768date:2015-06-12T14:59:00.067