ID

VAR-201506-0313


CVE

CVE-2015-4225


TITLE

Vulnerability in Cisco Application Policy Infrastructure Controller running on Cisco Nexus 9000 devices that allows important information to be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2015-003291

DESCRIPTION

Cisco Application Policy Infrastructure Controller (APIC) 1.0(1.110a) and 1.0(1e) on Nexus 9000 devices does not properly implement RBAC health scoring, which allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuq77485. The vendor has released this vulnerability as Bug ID CSCuq77485. Remote authenticated users can obtain important information. All ACI information, optimizing application lifecycles, configuring applications across physical and virtual resources, and more. A security vulnerability exists in Cisco APIC versions 1.0(1.110a) and 1.0(1e) on Cisco Nexus 9000 devices because the program fails to properly handle the RBAC protection mechanism for 'health scores'. A remote attacker can exploit this vulnerability to obtain sensitive information. Attackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. This issue is being tracked by Cisco bug ID CSCuq77485.

Trust: 2.52

sources: NVD: CVE-2015-4225 // JVNDB: JVNDB-2015-003291 // CNVD: CNVD-2015-04150 // BID: 75433 // VULHUB: VHN-82186

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-04150

AFFECTED PRODUCTS

vendor: cisco model: nx-os scope: eq version: 1.0\(1e\)

Trust: 1.6

vendor: cisco model: nx-os scope: eq version: 1.0\(1.110a\)

Trust: 1.6

vendor: cisco model: application policy infrastructure controller 1.0 scope: - version: -

Trust: 1.2

vendor: cisco model: nexus 93120tx switch scope: - version: -

Trust: 0.8

vendor: cisco model: nexus 93128tx switch scope: - version: -

Trust: 0.8

vendor: cisco model: nexus 9332pq switch scope: - version: -

Trust: 0.8

vendor: cisco model: nexus 9336pq aci spine switch scope: - version: -

Trust: 0.8

vendor: cisco model: nexus 9372px switch scope: - version: -

Trust: 0.8

vendor: cisco model: nexus 9372tx switch scope: - version: -

Trust: 0.8

vendor: cisco model: nexus 9396px switch scope: - version: -

Trust: 0.8

vendor: cisco model: nexus 9396tx switch scope: - version: -

Trust: 0.8

vendor: cisco model: nexus 9504 switch scope: - version: -

Trust: 0.8

vendor: cisco model: nexus 9508 switch scope: - version: -

Trust: 0.8

vendor: cisco model: nexus 9516 switch scope: - version: -

Trust: 0.8

vendor: cisco model: nx-os scope: eq version: 1.0(1.110a)

Trust: 0.8

vendor: cisco model: nx-os scope: eq version: 1.0(1e)

Trust: 0.8

vendor: cisco model: nexus devices scope: eq version: 9000

Trust: 0.6

vendor: cisco model: nx-os software for nexus 1.0 scope: eq version: 9000

Trust: 0.6

sources: CNVD: CNVD-2015-04150 // BID: 75433 // JVNDB: JVNDB-2015-003291 // CNNVD: CNNVD-201506-582 // NVD: CVE-2015-4225

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4225
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4225
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-04150
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201506-582
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82186
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4225
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-04150
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-82186
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-04150 // VULHUB: VHN-82186 // JVNDB: JVNDB-2015-003291 // CNNVD: CNNVD-201506-582 // NVD: CVE-2015-4225

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-82186 // JVNDB: JVNDB-2015-003291 // NVD: CVE-2015-4225

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-582

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201506-582

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003291

PATCH

title: 39529 url: http://tools.cisco.com/security/center/viewAlert.x?alertId=39529

Trust: 0.8

title: Patch for the Cisco Nexus 9000 Application Policy Infrastructure Controller unauthorized access vulnerability url: https://www.cnvd.org.cn/patchInfo/show/60202

Trust: 0.6

sources: CNVD: CNVD-2015-04150 // JVNDB: JVNDB-2015-003291

EXTERNAL IDS

db: NVD id: CVE-2015-4225

Trust: 3.4

db: BID id: 75433

Trust: 1.4

db: SECTRACK id: 1032735

Trust: 1.1

db: JVNDB id: JVNDB-2015-003291

Trust: 0.8

db: CNNVD id: CNNVD-201506-582

Trust: 0.7

db: CNVD id: CNVD-2015-04150

Trust: 0.6

db: VULHUB id: VHN-82186

Trust: 0.1

sources: CNVD: CNVD-2015-04150 // VULHUB: VHN-82186 // BID: 75433 // JVNDB: JVNDB-2015-003291 // CNNVD: CNNVD-201506-582 // NVD: CVE-2015-4225

REFERENCES

url:http://tools.cisco.com/security/center/viewalert.x?alertid=39529

Trust: 2.6

url:http://www.securityfocus.com/bid/75433

Trust: 1.1

url:http://www.securitytracker.com/id/1032735

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4225

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4225

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2015-04150 // VULHUB: VHN-82186 // BID: 75433 // JVNDB: JVNDB-2015-003291 // CNNVD: CNNVD-201506-582 // NVD: CVE-2015-4225

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 75433

SOURCES

db: CNVD id: CNVD-2015-04150
db: VULHUB id: VHN-82186
db: BID id: 75433
db: JVNDB id: JVNDB-2015-003291
db: CNNVD id: CNNVD-201506-582
db: NVD id: CVE-2015-4225

LAST UPDATE DATE

2024-11-23T22:38:52.067000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2015-04150 date: 2015-07-01T00:00:00
db: VULHUB id: VHN-82186 date: 2016-12-29T00:00:00
db: BID id: 75433 date: 2015-06-26T00:00:00
db: JVNDB id: JVNDB-2015-003291 date: 2015-06-30T00:00:00
db: CNNVD id: CNNVD-201506-582 date: 2015-07-03T00:00:00
db: NVD id: CVE-2015-4225 date: 2024-11-21T02:30:40.183

SOURCES RELEASE DATE

db: CNVD id: CNVD-2015-04150 date: 2015-07-01T00:00:00
db: VULHUB id: VHN-82186 date: 2015-06-27T00:00:00
db: BID id: 75433 date: 2015-06-26T00:00:00
db: JVNDB id: JVNDB-2015-003291 date: 2015-06-30T00:00:00
db: CNNVD id: CNNVD-201506-582 date: 2015-06-29T00:00:00
db: NVD id: CVE-2015-4225 date: 2015-06-27T10:59:01.173