ID

VAR-201507-0541


CVE

CVE-2015-4256


TITLE

Cisco TelePresence IP VCR Device Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-04446 // CNNVD: CNNVD-201507-302

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP VCR devices with software 3.0(1.27) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90736. The vendor has confirmed this vulnerability and released it as Bug ID CSCuu90736. A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuu90736.

Trust: 2.52

sources: NVD: CVE-2015-4256 // JVNDB: JVNDB-2015-003548 // CNVD: CNVD-2015-04446 // BID: 75682 // VULHUB: VHN-82217

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-04446

AFFECTED PRODUCTS

vendor: cisco, model: telepresence ip vcr 3.0, scope: eq, version: 1.27

Trust: 1.6

vendor: cisco, model: telepresence ip vcr series software, scope: eq, version: 3.0(1.27)

Trust: 0.8

vendor: cisco, model: telepresence ip vcr, scope: eq, version: 3.0(1.27)

Trust: 0.6

vendor: cisco, model: telepresence ip vcr series, scope: eq, version: 3.01.27

Trust: 0.3

sources: CNVD: CNVD-2015-04446 // BID: 75682 // JVNDB: JVNDB-2015-003548 // CNNVD: CNNVD-201507-302 // NVD: CVE-2015-4256

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4256
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4256
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-04446
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201507-302
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82217
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4256
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-04446
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-82217
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-04446 // VULHUB: VHN-82217 // JVNDB: JVNDB-2015-003548 // CNNVD: CNNVD-201507-302 // NVD: CVE-2015-4256

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-82217 // JVNDB: JVNDB-2015-003548 // NVD: CVE-2015-4256

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-302

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201507-302

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003548

PATCH

title: 39800, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=39800

Trust: 0.8

sources: JVNDB: JVNDB-2015-003548

EXTERNAL IDS

db: NVD, id: CVE-2015-4256

Trust: 3.4

db: SECTRACK, id: 1032838

Trust: 1.1

db: BID, id: 75682

Trust: 1.0

db: JVNDB, id: JVNDB-2015-003548

Trust: 0.8

db: CNNVD, id: CNNVD-201507-302

Trust: 0.7

db: CNVD, id: CNVD-2015-04446

Trust: 0.6

db: VULHUB, id: VHN-82217

Trust: 0.1

sources: CNVD: CNVD-2015-04446 // VULHUB: VHN-82217 // BID: 75682 // JVNDB: JVNDB-2015-003548 // CNNVD: CNNVD-201507-302 // NVD: CVE-2015-4256

REFERENCES

url:http://tools.cisco.com/security/center/viewalert.x?alertid=39800

Trust: 2.6

url:http://www.securitytracker.com/id/1032838

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4256

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4256

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://www.cisco.com/c/en/us/products/collaboration-endpoints/telepresence-ip-vcr-series/index.html

Trust: 0.3

sources: CNVD: CNVD-2015-04446 // VULHUB: VHN-82217 // BID: 75682 // JVNDB: JVNDB-2015-003548 // CNNVD: CNNVD-201507-302 // NVD: CVE-2015-4256

CREDITS

Cisco

Trust: 0.3

sources: BID: 75682

SOURCES

db: CNVD, id: CNVD-2015-04446
db: VULHUB, id: VHN-82217
db: BID, id: 75682
db: JVNDB, id: JVNDB-2015-003548
db: CNNVD, id: CNNVD-201507-302
db: NVD, id: CVE-2015-4256

LAST UPDATE DATE

2024-11-23T22:13:24.498000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-04446, date: 2015-07-14T00:00:00
db: VULHUB, id: VHN-82217, date: 2016-12-29T00:00:00
db: BID, id: 75682, date: 2015-07-09T00:00:00
db: JVNDB, id: JVNDB-2015-003548, date: 2015-07-14T00:00:00
db: CNNVD, id: CNNVD-201507-302, date: 2015-07-10T00:00:00
db: NVD, id: CVE-2015-4256, date: 2024-11-21T02:30:43.110

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2015-04446, date: 2015-07-14T00:00:00
db: VULHUB, id: VHN-82217, date: 2015-07-10T00:00:00
db: BID, id: 75682, date: 2015-07-09T00:00:00
db: JVNDB, id: JVNDB-2015-003548, date: 2015-07-14T00:00:00
db: CNNVD, id: CNNVD-201507-302, date: 2015-07-10T00:00:00
db: NVD, id: CVE-2015-4256, date: 2015-07-10T00:59:03.947