Sign-up

ID

VAR-201507-0547


CVE

CVE-2015-4263


TITLE

Cisco Mobility service Vulnerabilities that capture important information in engine control and provisioning functions

Trust: 0.8

sources: JVNDB: JVNDB-2015-003555

DESCRIPTION

The Control and Provisioning functionality in Cisco Mobility Services Engine (MSE) 10.0(0.1) allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCut36851. Cisco Mobility Services Engine is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. This issue being tracked by Cisco Bug ID CSCut36851. The platform collects, stores and manages data from wireless clients, Cisco access points and controllers

Trust: 1.98

sources: NVD: CVE-2015-4263 // JVNDB: JVNDB-2015-003555 // BID: 75707 // VULHUB: VHN-82224

AFFECTED PRODUCTS

vendor:ciscomodel:mobility services enginescope:eqversion:10.0\(0.1\)

Trust: 1.6

vendor:ciscomodel:mobility services enginescope:eqversion:10.0(0.1)

Trust: 1.1

sources: BID: 75707 // JVNDB: JVNDB-2015-003555 // CNNVD: CNNVD-201507-339 // NVD: CVE-2015-4263

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4263
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4263
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201507-339
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82224
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4263
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82224
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82224 // JVNDB: JVNDB-2015-003555 // CNNVD: CNNVD-201507-339 // NVD: CVE-2015-4263

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-82224 // JVNDB: JVNDB-2015-003555 // NVD: CVE-2015-4263

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-339

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201507-339

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003555

PATCH
title:39825url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39825
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003555

EXTERNAL IDS
db:NVDid:CVE-2015-4263
Trust: 2.8
db:SECTRACKid:1032854
Trust: 1.1
db:JVNDBid:JVNDB-2015-003555
Trust: 0.8
db:CNNVDid:CNNVD-201507-339
Trust: 0.6
db:BIDid:75707
Trust: 0.4
db:VULHUBid:VHN-82224
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82224 // 
            
            
            
            BID: 75707 // 
            
            
            
            JVNDB: JVNDB-2015-003555 // 
            
            
            
            CNNVD: CNNVD-201507-339 // 
            
            
            
            NVD: CVE-2015-4263

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39825
Trust: 2.0
url:http://www.securitytracker.com/id/1032854
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4263
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4263
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82224 // 
            
            
            
            BID: 75707 // 
            
            
            
            JVNDB: JVNDB-2015-003555 // 
            
            
            
            CNNVD: CNNVD-201507-339 // 
            
            
            
            NVD: CVE-2015-4263

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75707

SOURCES
db:VULHUBid:VHN-82224
db:BIDid:75707
db:JVNDBid:JVNDB-2015-003555
db:CNNVDid:CNNVD-201507-339
db:NVDid:CVE-2015-4263

LAST UPDATE DATE
2024-11-23T23:12:38.770000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82224date:2016-12-28T00:00:00
db:BIDid:75707date:2015-07-10T00:00:00
db:JVNDBid:JVNDB-2015-003555date:2015-07-14T00:00:00
db:CNNVDid:CNNVD-201507-339date:2015-07-13T00:00:00
db:NVDid:CVE-2015-4263date:2024-11-21T02:30:43.790

SOURCES RELEASE DATE
db:VULHUBid:VHN-82224date:2015-07-10T00:00:00
db:BIDid:75707date:2015-07-10T00:00:00
db:JVNDBid:JVNDB-2015-003555date:2015-07-14T00:00:00
db:CNNVDid:CNNVD-201507-339date:2015-07-13T00:00:00
db:NVDid:CVE-2015-4263date:2015-07-10T19:59:01.237