Details of VAR-201507-0539

ID

VAR-201507-0539

CVE

CVE-2015-4254

TITLE

Cisco TelePresence Advanced Media Gateway Device software cross-site request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-003553

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Advanced Media Gateway devices with software 1.1(1.40) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90732. Vendors have confirmed this vulnerability Bug ID CSCuu90732 It is released as.A third party may be able to hijack the authentication of any user. A remote attacker could exploit this vulnerability to perform unauthorized operations. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuu90732

Trust: 2.52

sources: NVD: CVE-2015-4254 // JVNDB: JVNDB-2015-003553 // CNVD: CNVD-2015-04472 // BID: 75701 // VULHUB: VHN-82215

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-04472

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence advanced media gateway	scope:	eq	version:	1.1\(1.40\)	Trust: 1.6
vendor:	cisco	model:	telepresence advanced media gateway	scope:	eq	version:	1.1(1.40)	Trust: 0.9
vendor:	cisco	model:	telepresence advanced media gateway series software	scope:	eq	version:	1.1(1.40)	Trust: 0.8

sources: CNVD: CNVD-2015-04472 // BID: 75701 // JVNDB: JVNDB-2015-003553 // CNNVD: CNNVD-201507-337 // NVD: CVE-2015-4254

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4254
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-4254
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-04472
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201507-337
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-82215
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-4254
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-04472
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-82215
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-04472 // VULHUB: VHN-82215 // JVNDB: JVNDB-2015-003553 // CNNVD: CNNVD-201507-337 // NVD: CVE-2015-4254

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-82215 // JVNDB: JVNDB-2015-003553 // NVD: CVE-2015-4254

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-337

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201507-337

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003553

PATCH

title:

39797

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=39797

Trust: 0.8

sources: JVNDB: JVNDB-2015-003553

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4254	Trust: 3.4
db:	JVNDB	id:	JVNDB-2015-003553	Trust: 0.8
db:	CNNVD	id:	CNNVD-201507-337	Trust: 0.7
db:	CNVD	id:	CNVD-2015-04472	Trust: 0.6
db:	BID	id:	75701	Trust: 0.4
db:	VULHUB	id:	VHN-82215	Trust: 0.1

sources: CNVD: CNVD-2015-04472 // VULHUB: VHN-82215 // BID: 75701 // JVNDB: JVNDB-2015-003553 // CNNVD: CNNVD-201507-337 // NVD: CVE-2015-4254

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39797	Trust: 2.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4254	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4254	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-04472 // VULHUB: VHN-82215 // BID: 75701 // JVNDB: JVNDB-2015-003553 // CNNVD: CNNVD-201507-337 // NVD: CVE-2015-4254

CREDITS

Cisco

Trust: 0.3

sources: BID: 75701

SOURCES

db:	CNVD	id:	CNVD-2015-04472
db:	VULHUB	id:	VHN-82215
db:	BID	id:	75701
db:	JVNDB	id:	JVNDB-2015-003553
db:	CNNVD	id:	CNNVD-201507-337
db:	NVD	id:	CVE-2015-4254

LAST UPDATE DATE

2024-11-23T22:08:02.293000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-04472	date:	2015-07-15T00:00:00
db:	VULHUB	id:	VHN-82215	date:	2015-07-13T00:00:00
db:	BID	id:	75701	date:	2015-07-10T00:00:00
db:	JVNDB	id:	JVNDB-2015-003553	date:	2015-07-14T00:00:00
db:	CNNVD	id:	CNNVD-201507-337	date:	2015-07-13T00:00:00
db:	NVD	id:	CVE-2015-4254	date:	2024-11-21T02:30:42.890

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-04472	date:	2015-07-15T00:00:00
db:	VULHUB	id:	VHN-82215	date:	2015-07-10T00:00:00
db:	BID	id:	75701	date:	2015-07-10T00:00:00
db:	JVNDB	id:	JVNDB-2015-003553	date:	2015-07-14T00:00:00
db:	CNNVD	id:	CNNVD-201507-337	date:	2015-07-13T00:00:00
db:	NVD	id:	CVE-2015-4254	date:	2015-07-10T17:59:02.750