Sign-up

ID

VAR-201506-0309


CVE

CVE-2015-4221


TITLE

Cisco Unified Communications Manager IM and Presence Service Vulnerabilities in which plaintext passwords are identified

Trust: 0.8

sources: JVNDB: JVNDB-2015-003286

DESCRIPTION

Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspecified web page and then conducting a decryption attack, aka Bug ID CSCuq46194. A remote attacker can exploit this issue to gain elevated privileges on an affected device. This issue is being tracked by Cisco Bug ID CSCuq46194

Trust: 1.98

sources: NVD: CVE-2015-4221 // JVNDB: JVNDB-2015-003286 // BID: 75401 // VULHUB: VHN-82182

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications manager im and presence servicescope:eqversion:9.1\(1\)

Trust: 1.6

vendor:ciscomodel:unified communications manager im and presence servicescope:eqversion:9.1(1)

Trust: 0.8

sources: JVNDB: JVNDB-2015-003286 // CNNVD: CNNVD-201506-574 // NVD: CVE-2015-4221

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4221
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4221
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201506-574
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82182
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4221
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82182
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82182 // JVNDB: JVNDB-2015-003286 // CNNVD: CNNVD-201506-574 // NVD: CVE-2015-4221

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-82182 // JVNDB: JVNDB-2015-003286 // NVD: CVE-2015-4221

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-574

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201506-574

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003286

PATCH
title:39505url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39505
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003286

EXTERNAL IDS
db:NVDid:CVE-2015-4221
Trust: 2.8
db:BIDid:75401
Trust: 1.4
db:SECTRACKid:1032716
Trust: 1.1
db:JVNDBid:JVNDB-2015-003286
Trust: 0.8
db:CNNVDid:CNNVD-201506-574
Trust: 0.7
db:VULHUBid:VHN-82182
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82182 // 
            
            
            
            BID: 75401 // 
            
            
            
            JVNDB: JVNDB-2015-003286 // 
            
            
            
            CNNVD: CNNVD-201506-574 // 
            
            
            
            NVD: CVE-2015-4221

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39505
Trust: 1.7
url:http://www.securityfocus.com/bid/75401
Trust: 1.1
url:http://www.securitytracker.com/id/1032716
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4221
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4221
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82182 // 
            
            
            
            BID: 75401 // 
            
            
            
            JVNDB: JVNDB-2015-003286 // 
            
            
            
            CNNVD: CNNVD-201506-574 // 
            
            
            
            NVD: CVE-2015-4221

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75401

SOURCES
db:VULHUBid:VHN-82182
db:BIDid:75401
db:JVNDBid:JVNDB-2015-003286
db:CNNVDid:CNNVD-201506-574
db:NVDid:CVE-2015-4221

LAST UPDATE DATE
2024-11-23T22:08:02.849000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82182date:2016-12-28T00:00:00
db:BIDid:75401date:2015-07-15T00:48:00
db:JVNDBid:JVNDB-2015-003286date:2015-06-29T00:00:00
db:CNNVDid:CNNVD-201506-574date:2015-06-29T00:00:00
db:NVDid:CVE-2015-4221date:2024-11-21T02:30:39.727

SOURCES RELEASE DATE
db:VULHUBid:VHN-82182date:2015-06-26T00:00:00
db:BIDid:75401date:2015-06-24T00:00:00
db:JVNDBid:JVNDB-2015-003286date:2015-06-29T00:00:00
db:CNNVDid:CNNVD-201506-574date:2015-06-29T00:00:00
db:NVDid:CVE-2015-4221date:2015-06-26T10:59:05.420