Sign-up

ID

VAR-201506-0302


CVE

CVE-2015-4214


TITLE

Cisco Unified MeetingPlace Vulnerabilities in obtaining plaintext passwords

Trust: 0.8

sources: JVNDB: JVNDB-2015-003270

DESCRIPTION

Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) allows remote authenticated users to discover cleartext passwords by reading HTML source code, aka Bug ID CSCuu33050. Cisco Unified MeetingPlace Contains a vulnerability where a plaintext password can be obtained. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug Id CSCuu33050. This solution provides a user environment that integrates voice, video and Web conferencing

Trust: 1.98

sources: NVD: CVE-2015-4214 // JVNDB: JVNDB-2015-003270 // BID: 75380 // VULHUB: VHN-82175

AFFECTED PRODUCTS

vendor:ciscomodel:unified meetingplacescope:eqversion:8.6\(1.9\)

Trust: 1.6

vendor:ciscomodel:unified meetingplacescope:eqversion:8.6\(1.2\)

Trust: 1.6

vendor:ciscomodel:unified meetingplacescope:eqversion:8.6(1.9)

Trust: 1.1

vendor:ciscomodel:unified meetingplacescope:eqversion:8.6(1.2)

Trust: 1.1

sources: BID: 75380 // JVNDB: JVNDB-2015-003270 // CNNVD: CNNVD-201506-488 // NVD: CVE-2015-4214

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4214
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4214
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201506-488
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82175
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4214
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82175
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82175 // JVNDB: JVNDB-2015-003270 // CNNVD: CNNVD-201506-488 // NVD: CVE-2015-4214

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-82175 // JVNDB: JVNDB-2015-003270 // NVD: CVE-2015-4214

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-488

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201506-488

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003270

PATCH
title:39470url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39470
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003270

EXTERNAL IDS
db:NVDid:CVE-2015-4214
Trust: 2.8
db:BIDid:75380
Trust: 1.4
db:SECTRACKid:1032703
Trust: 1.1
db:JVNDBid:JVNDB-2015-003270
Trust: 0.8
db:CNNVDid:CNNVD-201506-488
Trust: 0.7
db:VULHUBid:VHN-82175
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82175 // 
            
            
            
            BID: 75380 // 
            
            
            
            JVNDB: JVNDB-2015-003270 // 
            
            
            
            CNNVD: CNNVD-201506-488 // 
            
            
            
            NVD: CVE-2015-4214

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39470
Trust: 2.0
url:http://www.securityfocus.com/bid/75380
Trust: 1.1
url:http://www.securitytracker.com/id/1032703
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4214
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4214
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82175 // 
            
            
            
            BID: 75380 // 
            
            
            
            JVNDB: JVNDB-2015-003270 // 
            
            
            
            CNNVD: CNNVD-201506-488 // 
            
            
            
            NVD: CVE-2015-4214

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75380

SOURCES
db:VULHUBid:VHN-82175
db:BIDid:75380
db:JVNDBid:JVNDB-2015-003270
db:CNNVDid:CNNVD-201506-488
db:NVDid:CVE-2015-4214

LAST UPDATE DATE
2024-11-23T22:59:36.093000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82175date:2016-12-28T00:00:00
db:BIDid:75380date:2015-06-23T00:00:00
db:JVNDBid:JVNDB-2015-003270date:2015-06-25T00:00:00
db:CNNVDid:CNNVD-201506-488date:2015-06-25T00:00:00
db:NVDid:CVE-2015-4214date:2024-11-21T02:30:38.897

SOURCES RELEASE DATE
db:VULHUBid:VHN-82175date:2015-06-24T00:00:00
db:BIDid:75380date:2015-06-23T00:00:00
db:JVNDBid:JVNDB-2015-003270date:2015-06-25T00:00:00
db:CNNVDid:CNNVD-201506-488date:2015-06-25T00:00:00
db:NVDid:CVE-2015-4214date:2015-06-24T10:59:09.977