Sign-up

ID

VAR-201507-0506


CVE

CVE-2015-4276


TITLE

Cisco WebEx Meetings Server Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-003856

DESCRIPTION

Cisco WebEx Meetings Server 2.5MR1 allows remote authenticated users to execute arbitrary code via a crafted command parameter, aka Bug ID CSCus56138. An attacker can exploit this issue to execute arbitrary code on the affected system. This may aid in further attacks. This issue being tracked by Cisco Bug ID CSCus56138. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution. There is a security vulnerability in CWMS 2.5MR1 version

Trust: 1.98

sources: NVD: CVE-2015-4276 // JVNDB: JVNDB-2015-003856 // BID: 75917 // VULHUB: VHN-82237

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion:2.5\(1\)

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope:eqversion:2.5mr1

Trust: 0.8

vendor:ibmmodel:powerkvmscope:eqversion:2.1

Trust: 0.3

vendor:ciscomodel:webex meetings server mr1scope:eqversion:2.5

Trust: 0.3

vendor:ibmmodel:powerkvm sp3scope:neversion:2.1.1

Trust: 0.3

vendor:ibmmodel:powerkvm buildscope:neversion:2.1.165.1

Trust: 0.3

sources: BID: 75917 // JVNDB: JVNDB-2015-003856 // CNNVD: CNNVD-201507-634 // NVD: CVE-2015-4276

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4276
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4276
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201507-634
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82237
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4276
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82237
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82237 // JVNDB: JVNDB-2015-003856 // CNNVD: CNNVD-201507-634 // NVD: CVE-2015-4276

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-82237 // JVNDB: JVNDB-2015-003856 // NVD: CVE-2015-4276

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-634

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201507-634

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003856

PATCH
title:39938url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39938
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003856

EXTERNAL IDS
db:NVDid:CVE-2015-4276
Trust: 2.8
db:BIDid:75917
Trust: 1.4
db:SECTRACKid:1032963
Trust: 1.1
db:JVNDBid:JVNDB-2015-003856
Trust: 0.8
db:CNNVDid:CNNVD-201507-634
Trust: 0.7
db:VULHUBid:VHN-82237
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82237 // 
            
            
            
            BID: 75917 // 
            
            
            
            JVNDB: JVNDB-2015-003856 // 
            
            
            
            CNNVD: CNNVD-201507-634 // 
            
            
            
            NVD: CVE-2015-4276

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39938
Trust: 2.0
url:http://www.securityfocus.com/bid/75917
Trust: 1.1
url:http://www.securitytracker.com/id/1032963
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4276
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4276
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.ibm.com/support/docview.wss?uid=isg3t1022834
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82237 // 
            
            
            
            BID: 75917 // 
            
            
            
            JVNDB: JVNDB-2015-003856 // 
            
            
            
            CNNVD: CNNVD-201507-634 // 
            
            
            
            NVD: CVE-2015-4276

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75917

SOURCES
db:VULHUBid:VHN-82237
db:BIDid:75917
db:JVNDBid:JVNDB-2015-003856
db:CNNVDid:CNNVD-201507-634
db:NVDid:CVE-2015-4276

LAST UPDATE DATE
2024-11-23T22:31:07.859000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82237date:2017-09-22T00:00:00
db:BIDid:75917date:2015-12-08T22:06:00
db:JVNDBid:JVNDB-2015-003856date:2015-07-22T00:00:00
db:CNNVDid:CNNVD-201507-634date:2015-07-23T00:00:00
db:NVDid:CVE-2015-4276date:2024-11-21T02:30:45.110

SOURCES RELEASE DATE
db:VULHUBid:VHN-82237date:2015-07-16T00:00:00
db:BIDid:75917date:2015-07-15T00:00:00
db:JVNDBid:JVNDB-2015-003856date:2015-07-22T00:00:00
db:CNNVDid:CNNVD-201507-634date:2015-07-17T00:00:00
db:NVDid:CVE-2015-4276date:2015-07-16T19:59:02.897