Sign-up

ID

VAR-201507-0504


CVE

CVE-2015-4274


TITLE

Cisco Unified Intelligence Center of Web Cross-site request forgery vulnerability in framework

Trust: 0.8

sources: JVNDB: JVNDB-2015-003854

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936. Vendors have confirmed this vulnerability Bug ID CSCuu94862 and CSCuu97936 It is released as.A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug IDsCSCuu94862 and CSCuu97936. The platform provides functions such as report-related business data and comprehensive display of call center data

Trust: 1.98

sources: NVD: CVE-2015-4274 // JVNDB: JVNDB-2015-003854 // BID: 75916 // VULHUB: VHN-82235

AFFECTED PRODUCTS

vendor:ciscomodel:unified intelligence centerscope:eqversion:10.0\(1\)

Trust: 1.6

vendor:ciscomodel:unified intelligence centerscope:eqversion:10.6\(1\)

Trust: 1.6

vendor:ciscomodel:unified intelligence centerscope:eqversion:10.6(1)

Trust: 1.1

vendor:ciscomodel:unified intelligence centerscope:eqversion:10.0(1)

Trust: 1.1

sources: BID: 75916 // JVNDB: JVNDB-2015-003854 // CNNVD: CNNVD-201507-632 // NVD: CVE-2015-4274

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4274
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4274
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201507-632
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82235
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4274
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82235
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82235 // JVNDB: JVNDB-2015-003854 // CNNVD: CNNVD-201507-632 // NVD: CVE-2015-4274

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-82235 // JVNDB: JVNDB-2015-003854 // NVD: CVE-2015-4274

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-632

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201507-632

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003854

PATCH
title:39920url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39920
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003854

EXTERNAL IDS
db:NVDid:CVE-2015-4274
Trust: 2.8
db:SECTRACKid:1032962
Trust: 1.1
db:JVNDBid:JVNDB-2015-003854
Trust: 0.8
db:CNNVDid:CNNVD-201507-632
Trust: 0.7
db:BIDid:75916
Trust: 0.4
db:VULHUBid:VHN-82235
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82235 // 
            
            
            
            BID: 75916 // 
            
            
            
            JVNDB: JVNDB-2015-003854 // 
            
            
            
            CNNVD: CNNVD-201507-632 // 
            
            
            
            NVD: CVE-2015-4274

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39920
Trust: 2.0
url:http://www.securitytracker.com/id/1032962
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4274
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4274
Trust: 0.8
url:http://www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82235 // 
            
            
            
            BID: 75916 // 
            
            
            
            JVNDB: JVNDB-2015-003854 // 
            
            
            
            CNNVD: CNNVD-201507-632 // 
            
            
            
            NVD: CVE-2015-4274

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75916

SOURCES
db:VULHUBid:VHN-82235
db:BIDid:75916
db:JVNDBid:JVNDB-2015-003854
db:CNNVDid:CNNVD-201507-632
db:NVDid:CVE-2015-4274

LAST UPDATE DATE
2024-11-23T22:45:56.834000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82235date:2017-09-22T00:00:00
db:BIDid:75916date:2015-07-15T00:00:00
db:JVNDBid:JVNDB-2015-003854date:2015-07-22T00:00:00
db:CNNVDid:CNNVD-201507-632date:2015-07-17T00:00:00
db:NVDid:CVE-2015-4274date:2024-11-21T02:30:44.890

SOURCES RELEASE DATE
db:VULHUBid:VHN-82235date:2015-07-16T00:00:00
db:BIDid:75916date:2015-07-15T00:00:00
db:JVNDBid:JVNDB-2015-003854date:2015-07-22T00:00:00
db:CNNVDid:CNNVD-201507-632date:2015-07-17T00:00:00
db:NVDid:CVE-2015-4274date:2015-07-16T19:59:01.007