Details of VAR-201506-0307

ID

VAR-201506-0307

CVE

CVE-2015-4219

TITLE

Cisco Secure Access Control System and Cisco Identity Services Engine Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2015-003273

DESCRIPTION

Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331. Vendors have confirmed this vulnerability Bug ID CSCue00833 and CSCub40331 It is released as.Remotely authenticated user brute force sends valid credentials (brute-force) Attempting to get important information may be possible. Multiple Cisco products are prone to an unauthorized-access vulnerability Attackers can exploit this issue to gain unauthorized to affected system. This may aid in further attacks. This issue is being tracked by Cisco Bug ID's CSCue00833 and CSCub40331. The former is a security access control system. The latter is an identity-based context-aware platform (ISE Identity Services Engine)

Trust: 1.98

sources: NVD: CVE-2015-4219 // JVNDB: JVNDB-2015-003273 // BID: 75379 // VULHUB: VHN-82180

AFFECTED PRODUCTS

vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40.5	Trust: 1.9
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.0.4.573	Trust: 1.9
vendor:	cisco	model:	secure access control system	scope:	lte	version:	5.4.0.46.1	Trust: 1.0
vendor:	cisco	model:	secure access control system software	scope:	eq	version:	5.5(0.46)	Trust: 0.8
vendor:	cisco	model:	secure access control system software	scope:	lt	version:	5.5	Trust: 0.8
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.0(4.573)	Trust: 0.8
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.4.0.46.1	Trust: 0.6
vendor:	cisco	model:	secure access control system	scope:	ne	version:	5.5(0.46)	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	ne	version:	5.4(0.46.2)	Trust: 0.3

sources: BID: 75379 // JVNDB: JVNDB-2015-003273 // CNNVD: CNNVD-201506-491 // NVD: CVE-2015-4219

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4219
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-4219
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201506-491
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-82180
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-4219
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-82180
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-82180 // JVNDB: JVNDB-2015-003273 // CNNVD: CNNVD-201506-491 // NVD: CVE-2015-4219

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.9
problemtype:	CWE-264	Trust: 1.1

sources: VULHUB: VHN-82180 // JVNDB: JVNDB-2015-003273 // NVD: CVE-2015-4219

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-491

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201506-491

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003273

PATCH

title:

39501

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=39501

Trust: 0.8

sources: JVNDB: JVNDB-2015-003273

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4219	Trust: 2.8
db:	BID	id:	75379	Trust: 1.4
db:	SECTRACK	id:	1032714	Trust: 1.1
db:	SECTRACK	id:	1032713	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-003273	Trust: 0.8
db:	CNNVD	id:	CNNVD-201506-491	Trust: 0.7
db:	VULHUB	id:	VHN-82180	Trust: 0.1

sources: VULHUB: VHN-82180 // BID: 75379 // JVNDB: JVNDB-2015-003273 // CNNVD: CNNVD-201506-491 // NVD: CVE-2015-4219

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39501	Trust: 2.0
url:	http://www.securityfocus.com/bid/75379	Trust: 1.1
url:	http://www.securitytracker.com/id/1032713	Trust: 1.1
url:	http://www.securitytracker.com/id/1032714	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4219	Trust: 0.8
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4219	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3

sources: VULHUB: VHN-82180 // BID: 75379 // JVNDB: JVNDB-2015-003273 // CNNVD: CNNVD-201506-491 // NVD: CVE-2015-4219

CREDITS

Cisco

Trust: 0.3

sources: BID: 75379

SOURCES

db:	VULHUB	id:	VHN-82180
db:	BID	id:	75379
db:	JVNDB	id:	JVNDB-2015-003273
db:	CNNVD	id:	CNNVD-201506-491
db:	NVD	id:	CVE-2015-4219

LAST UPDATE DATE

2024-11-23T23:05:38.979000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-82180	date:	2016-12-29T00:00:00
db:	BID	id:	75379	date:	2015-06-23T00:00:00
db:	JVNDB	id:	JVNDB-2015-003273	date:	2015-06-25T00:00:00
db:	CNNVD	id:	CNNVD-201506-491	date:	2015-06-25T00:00:00
db:	NVD	id:	CVE-2015-4219	date:	2024-11-21T02:30:39.487

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-82180	date:	2015-06-24T00:00:00
db:	BID	id:	75379	date:	2015-06-23T00:00:00
db:	JVNDB	id:	JVNDB-2015-003273	date:	2015-06-25T00:00:00
db:	CNNVD	id:	CNNVD-201506-491	date:	2015-06-25T00:00:00
db:	NVD	id:	CVE-2015-4219	date:	2015-06-24T10:59:12.807