Sign-up

ID

VAR-201507-0515


CVE

CVE-2015-4287


TITLE

Cisco Firepower 9000 Run on device Firepower Extensible Operating System Vulnerable to access restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2015-003945

DESCRIPTION

Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230. Cisco Firepower 9000 Series devices are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. This issue being tracked by Cisco Bug ID CSCuu82230

Trust: 1.98

sources: NVD: CVE-2015-4287 // JVNDB: JVNDB-2015-003945 // BID: 76057 // VULHUB: VHN-82248

AFFECTED PRODUCTS

vendor:ciscomodel:firepower extensible operating systemscope:eqversion:1.1\(1.86\)

Trust: 1.6

vendor:ciscomodel:firepower extensible operating systemscope:eqversion:1.1(1.86)

Trust: 1.1

sources: BID: 76057 // JVNDB: JVNDB-2015-003945 // CNNVD: CNNVD-201507-773 // NVD: CVE-2015-4287

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4287
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4287
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201507-773
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82248
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4287
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82248
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82248 // JVNDB: JVNDB-2015-003945 // CNNVD: CNNVD-201507-773 // NVD: CVE-2015-4287

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-82248 // JVNDB: JVNDB-2015-003945 // NVD: CVE-2015-4287

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-773

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201507-773

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003945

PATCH
title:40136url:http://tools.cisco.com/security/center/viewAlert.x?alertId=40136
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003945

EXTERNAL IDS
db:NVDid:CVE-2015-4287
Trust: 2.8
db:BIDid:76057
Trust: 1.0
db:JVNDBid:JVNDB-2015-003945
Trust: 0.8
db:CNNVDid:CNNVD-201507-773
Trust: 0.7
db:VULHUBid:VHN-82248
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82248 // 
            
            
            
            BID: 76057 // 
            
            
            
            JVNDB: JVNDB-2015-003945 // 
            
            
            
            CNNVD: CNNVD-201507-773 // 
            
            
            
            NVD: CVE-2015-4287

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=40136
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4287
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4287
Trust: 0.8
url:http://www.securityfocus.com/bid/76057
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82248 // 
            
            
            
            BID: 76057 // 
            
            
            
            JVNDB: JVNDB-2015-003945 // 
            
            
            
            CNNVD: CNNVD-201507-773 // 
            
            
            
            NVD: CVE-2015-4287

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 76057 // 
            
            
            
            CNNVD: CNNVD-201507-773

SOURCES
db:VULHUBid:VHN-82248
db:BIDid:76057
db:JVNDBid:JVNDB-2015-003945
db:CNNVDid:CNNVD-201507-773
db:NVDid:CVE-2015-4287

LAST UPDATE DATE
2024-11-23T22:18:23.487000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82248date:2015-07-29T00:00:00
db:BIDid:76057date:2015-07-27T00:00:00
db:JVNDBid:JVNDB-2015-003945date:2015-07-30T00:00:00
db:CNNVDid:CNNVD-201507-773date:2015-07-30T00:00:00
db:NVDid:CVE-2015-4287date:2024-11-21T02:30:46.353

SOURCES RELEASE DATE
db:VULHUBid:VHN-82248date:2015-07-29T00:00:00
db:BIDid:76057date:2015-07-27T00:00:00
db:JVNDBid:JVNDB-2015-003945date:2015-07-30T00:00:00
db:CNNVDid:CNNVD-201507-773date:2015-07-29T00:00:00
db:NVDid:CVE-2015-4287date:2015-07-29T01:59:05.920