ID

VAR-201507-0530


CVE

CVE-2015-4242


TITLE

Cross-site request forgery vulnerability in Cisco FireSIGHT System Software in FireSIGHT Management Center

Trust: 0.8

sources: JVNDB: JVNDB-2015-003493

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 in FireSIGHT Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu94721. The vendor has confirmed this vulnerability and released it as Bug ID CSCuu94721. A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuu94721. The following products and versions are affected: Cisco FireSIGHT System Software versions 5.4.1.2 and 6.0.0.

Trust: 1.98

sources: NVD: CVE-2015-4242 // JVNDB: JVNDB-2015-003493 // BID: 75583 // VULHUB: VHN-82203

AFFECTED PRODUCTS

vendor: cisco, model: firesight system software, scope: eq, version: 6.0.0

Trust: 2.7

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.1.2

Trust: 2.7

sources: BID: 75583 // JVNDB: JVNDB-2015-003493 // CNNVD: CNNVD-201507-194 // NVD: CVE-2015-4242

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4242
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4242
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201507-194
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82203
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4242
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82203
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82203 // JVNDB: JVNDB-2015-003493 // CNNVD: CNNVD-201507-194 // NVD: CVE-2015-4242

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-82203 // JVNDB: JVNDB-2015-003493 // NVD: CVE-2015-4242

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-194

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201507-194

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003493

PATCH

title: 39643, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=39643

Trust: 0.8

sources: JVNDB: JVNDB-2015-003493

EXTERNAL IDS

db: NVD, id: CVE-2015-4242

Trust: 2.8

db: SECTRACK, id: 1032806

Trust: 1.1

db: JVNDB, id: JVNDB-2015-003493

Trust: 0.8

db: CNNVD, id: CNNVD-201507-194

Trust: 0.7

db: BID, id: 75583

Trust: 0.4

db: VULHUB, id: VHN-82203

Trust: 0.1

sources: VULHUB: VHN-82203 // BID: 75583 // JVNDB: JVNDB-2015-003493 // CNNVD: CNNVD-201507-194 // NVD: CVE-2015-4242

REFERENCES

url:http://tools.cisco.com/security/center/viewalert.x?alertid=39643

Trust: 2.0

url:http://www.securitytracker.com/id/1032806

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4242

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4242

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-82203 // BID: 75583 // JVNDB: JVNDB-2015-003493 // CNNVD: CNNVD-201507-194 // NVD: CVE-2015-4242

CREDITS

Cisco

Trust: 0.3

sources: BID: 75583

SOURCES

db: VULHUB, id: VHN-82203
db: BID, id: 75583
db: JVNDB, id: JVNDB-2015-003493
db: CNNVD, id: CNNVD-201507-194
db: NVD, id: CVE-2015-4242

LAST UPDATE DATE

2024-11-23T22:59:32.335000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-82203, date: 2016-12-29T00:00:00
db: BID, id: 75583, date: 2015-07-07T00:00:00
db: JVNDB, id: JVNDB-2015-003493, date: 2015-07-13T00:00:00
db: CNNVD, id: CNNVD-201507-194, date: 2015-07-09T00:00:00
db: NVD, id: CVE-2015-4242, date: 2024-11-21T02:30:42.170

SOURCES RELEASE DATE

db: VULHUB, id: VHN-82203, date: 2015-07-08T00:00:00
db: BID, id: 75583, date: 2015-07-07T00:00:00
db: JVNDB, id: JVNDB-2015-003493, date: 2015-07-13T00:00:00
db: CNNVD, id: CNNVD-201507-194, date: 2015-07-09T00:00:00
db: NVD, id: CVE-2015-4242, date: 2015-07-08T14:59:02.940