Details of VAR-201506-0165

ID

VAR-201506-0165

CVE

CVE-2015-0773

TITLE

Cisco FireSIGHT system Vulnerability to delete arbitrary user's dashboard in software

Trust: 0.8

sources: JVNDB: JVNDB-2015-003070

DESCRIPTION

Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078. Cisco FireSIGHT system The software contains a vulnerability that allows arbitrary user dashboards to be deleted. The Cisco FireSIGHT ManagementCenter is a set of network security and operations that support centralized management of Cisco ASA and Cisco FirePOWER network security appliances using FirePOWER Services. The Cisco FireSIGHT Management Center has security issues. Remotely authenticated non-privileged users submit special VPN removal requests and delete the user's VPN panel. Cisco FireSIGHT System Software is prone to a remote security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to to delete the VPN dashboard of a targeted user. This may result in a denial of service condition. This issue is being tracked by Cisco Bug ID CSCut67078

Trust: 2.52

sources: NVD: CVE-2015-0773 // JVNDB: JVNDB-2015-003070 // CNVD: CNVD-2015-03784 // BID: 75099 // VULHUB: VHN-78719

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-03784

AFFECTED PRODUCTS

vendor:	cisco	model:	firesight system software	scope:	eq	version:	6.0.0	Trust: 2.7
vendor:	cisco	model:	firesight system software	scope:	eq	version:	5.3.1.1	Trust: 1.6
vendor:	cisco	model:	firesight system software	scope:	eq	version:	5.3.1.3	Trust: 1.1
vendor:	cisco	model:	firesight	scope:	eq	version:	5.3.1.3	Trust: 0.6
vendor:	cisco	model:	firesight	scope:	eq	version:	6.0.0	Trust: 0.6

sources: CNVD: CNVD-2015-03784 // BID: 75099 // JVNDB: JVNDB-2015-003070 // CNNVD: CNNVD-201506-235 // NVD: CVE-2015-0773

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0773
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0773
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-03784
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201506-235
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78719
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0773
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-03784
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-78719
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-03784 // VULHUB: VHN-78719 // JVNDB: JVNDB-2015-003070 // CNNVD: CNNVD-201506-235 // NVD: CVE-2015-0773

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-78719 // JVNDB: JVNDB-2015-003070 // NVD: CVE-2015-0773

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-235

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201506-235

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003070

PATCH

title:	39256	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=39256	Trust: 0.8
title:	Cisco FireSIGHT Management Center configures patches for modifying vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/59662	Trust: 0.6

sources: CNVD: CNVD-2015-03784 // JVNDB: JVNDB-2015-003070

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0773	Trust: 3.4
db:	SECTRACK	id:	1032542	Trust: 1.1
db:	BID	id:	75099	Trust: 1.0
db:	JVNDB	id:	JVNDB-2015-003070	Trust: 0.8
db:	CNNVD	id:	CNNVD-201506-235	Trust: 0.7
db:	CNVD	id:	CNVD-2015-03784	Trust: 0.6
db:	VULHUB	id:	VHN-78719	Trust: 0.1

sources: CNVD: CNVD-2015-03784 // VULHUB: VHN-78719 // BID: 75099 // JVNDB: JVNDB-2015-003070 // CNNVD: CNNVD-201506-235 // NVD: CVE-2015-0773

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39256	Trust: 2.6
url:	http://www.securitytracker.com/id/1032542	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0773	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0773	Trust: 0.8
url:	http://www.cisco.com/c/en/us/products/security/firesight-management-center/index.html	Trust: 0.3
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-03784 // VULHUB: VHN-78719 // BID: 75099 // JVNDB: JVNDB-2015-003070 // CNNVD: CNNVD-201506-235 // NVD: CVE-2015-0773

CREDITS

Cisco

Trust: 0.3

sources: BID: 75099

SOURCES

db:	CNVD	id:	CNVD-2015-03784
db:	VULHUB	id:	VHN-78719
db:	BID	id:	75099
db:	JVNDB	id:	JVNDB-2015-003070
db:	CNNVD	id:	CNNVD-201506-235
db:	NVD	id:	CVE-2015-0773

LAST UPDATE DATE

2024-11-23T22:13:29.288000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-03784	date:	2015-06-16T00:00:00
db:	VULHUB	id:	VHN-78719	date:	2017-01-04T00:00:00
db:	BID	id:	75099	date:	2015-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-003070	date:	2015-06-15T00:00:00
db:	CNNVD	id:	CNNVD-201506-235	date:	2015-06-15T00:00:00
db:	NVD	id:	CVE-2015-0773	date:	2024-11-21T02:23:41.540

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-03784	date:	2015-06-15T00:00:00
db:	VULHUB	id:	VHN-78719	date:	2015-06-12T00:00:00
db:	BID	id:	75099	date:	2015-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-003070	date:	2015-06-15T00:00:00
db:	CNNVD	id:	CNNVD-201506-235	date:	2015-06-15T00:00:00
db:	NVD	id:	CVE-2015-0773	date:	2015-06-12T10:59:02.587