Details of VAR-201507-0538

ID

VAR-201507-0538

CVE

CVE-2015-4253

TITLE

Cisco TelePresence Serial Gateway Device Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-04452 // CNNVD: CNNVD-201507-300

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Serial Gateway devices with software 1.0(1.42) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90728. Vendors have confirmed this vulnerability Bug ID CSCuu90728 It is released as.A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuu90728

Trust: 2.52

sources: NVD: CVE-2015-4253 // JVNDB: JVNDB-2015-003546 // CNVD: CNVD-2015-04452 // BID: 75685 // VULHUB: VHN-82214

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-04452

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence serial gateway	scope:	eq	version:	1.0.1.42	Trust: 1.6
vendor:	cisco	model:	telepresence serial gateway series software	scope:	eq	version:	1.0(1.42)	Trust: 0.8
vendor:	cisco	model:	telepresence serial gateway	scope:	eq	version:	1.0(1.42)	Trust: 0.6
vendor:	cisco	model:	telepresence serial gateway series	scope:	eq	version:	1.0(1.42)	Trust: 0.3

sources: CNVD: CNVD-2015-04452 // BID: 75685 // JVNDB: JVNDB-2015-003546 // CNNVD: CNNVD-201507-300 // NVD: CVE-2015-4253

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4253
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-4253
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-04452
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201507-300
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-82214
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-4253
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-04452
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-82214
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-04452 // VULHUB: VHN-82214 // JVNDB: JVNDB-2015-003546 // CNNVD: CNNVD-201507-300 // NVD: CVE-2015-4253

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-82214 // JVNDB: JVNDB-2015-003546 // NVD: CVE-2015-4253

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-300

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201507-300

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003546

PATCH

title:

39796

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=39796

Trust: 0.8

sources: JVNDB: JVNDB-2015-003546

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4253	Trust: 3.4
db:	SECTRACK	id:	1032838	Trust: 1.1
db:	BID	id:	75685	Trust: 1.0
db:	JVNDB	id:	JVNDB-2015-003546	Trust: 0.8
db:	CNNVD	id:	CNNVD-201507-300	Trust: 0.7
db:	CNVD	id:	CNVD-2015-04452	Trust: 0.6
db:	VULHUB	id:	VHN-82214	Trust: 0.1

sources: CNVD: CNVD-2015-04452 // VULHUB: VHN-82214 // BID: 75685 // JVNDB: JVNDB-2015-003546 // CNNVD: CNNVD-201507-300 // NVD: CVE-2015-4253

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39796	Trust: 2.6
url:	http://www.securitytracker.com/id/1032838	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4253	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4253	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-04452 // VULHUB: VHN-82214 // BID: 75685 // JVNDB: JVNDB-2015-003546 // CNNVD: CNNVD-201507-300 // NVD: CVE-2015-4253

CREDITS

Cisco

Trust: 0.3

sources: BID: 75685

SOURCES

db:	CNVD	id:	CNVD-2015-04452
db:	VULHUB	id:	VHN-82214
db:	BID	id:	75685
db:	JVNDB	id:	JVNDB-2015-003546
db:	CNNVD	id:	CNNVD-201507-300
db:	NVD	id:	CVE-2015-4253

LAST UPDATE DATE

2024-11-23T22:13:24.464000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-04452	date:	2015-07-14T00:00:00
db:	VULHUB	id:	VHN-82214	date:	2016-12-29T00:00:00
db:	BID	id:	75685	date:	2015-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-003546	date:	2015-07-14T00:00:00
db:	CNNVD	id:	CNNVD-201507-300	date:	2015-07-10T00:00:00
db:	NVD	id:	CVE-2015-4253	date:	2024-11-21T02:30:42.743

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-04452	date:	2015-07-14T00:00:00
db:	VULHUB	id:	VHN-82214	date:	2015-07-10T00:00:00
db:	BID	id:	75685	date:	2015-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-003546	date:	2015-07-14T00:00:00
db:	CNNVD	id:	CNNVD-201507-300	date:	2015-07-10T00:00:00
db:	NVD	id:	CVE-2015-4253	date:	2015-07-10T00:59:01.977