Details of VAR-201507-0549

ID

VAR-201507-0549

CVE

CVE-2015-4267

TITLE

Cisco Identity Services Engine of Web Cross-site request forgery vulnerability in framework

Trust: 0.8

sources: JVNDB: JVNDB-2015-003851

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940. Vendors have confirmed this vulnerability Bug ID CSCus09940 It is released as.A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCus09940. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. The following releases are affected: Cisco ISE Release 1.2(0.793), Release 1.3(0.876), Release 1.4(0.109), Release 2.0(0.147)

Trust: 1.98

sources: NVD: CVE-2015-4267 // JVNDB: JVNDB-2015-003851 // BID: 75902 // VULHUB: VHN-82228

AFFECTED PRODUCTS

vendor:	cisco	model:	identity services engine software	scope:	eq	version:	2.0\(0.169\)	Trust: 1.6
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.3\(0.876\)	Trust: 1.6
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	2.0\(0.147\)	Trust: 1.6
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.2\(0.793\)	Trust: 1.6
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.4\(0.181\)	Trust: 1.6
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.4\(0.876\)	Trust: 1.6
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.2 (0.793)	Trust: 0.8
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.3 (0.876)	Trust: 0.8
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.4 (0.109)	Trust: 0.8
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	2.0 (0.147)	Trust: 0.8
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	2.0 (0.169)	Trust: 0.8

sources: JVNDB: JVNDB-2015-003851 // CNNVD: CNNVD-201507-474 // NVD: CVE-2015-4267

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4267
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-4267
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201507-474
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-82228
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-4267
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-82228
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-82228 // JVNDB: JVNDB-2015-003851 // CNNVD: CNNVD-201507-474 // NVD: CVE-2015-4267

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-82228 // JVNDB: JVNDB-2015-003851 // NVD: CVE-2015-4267

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-474

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201507-474

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003851

PATCH

title:

39872

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=39872

Trust: 0.8

sources: JVNDB: JVNDB-2015-003851

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4267	Trust: 2.8
db:	SECTRACK	id:	1032929	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-003851	Trust: 0.8
db:	CNNVD	id:	CNNVD-201507-474	Trust: 0.7
db:	BID	id:	75902	Trust: 0.4
db:	VULHUB	id:	VHN-82228	Trust: 0.1

sources: VULHUB: VHN-82228 // BID: 75902 // JVNDB: JVNDB-2015-003851 // CNNVD: CNNVD-201507-474 // NVD: CVE-2015-4267

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39872	Trust: 1.7
url:	http://www.securitytracker.com/id/1032929	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4267	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4267	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3

sources: VULHUB: VHN-82228 // BID: 75902 // JVNDB: JVNDB-2015-003851 // CNNVD: CNNVD-201507-474 // NVD: CVE-2015-4267

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 75902

SOURCES

db:	VULHUB	id:	VHN-82228
db:	BID	id:	75902
db:	JVNDB	id:	JVNDB-2015-003851
db:	CNNVD	id:	CNNVD-201507-474
db:	NVD	id:	CVE-2015-4267

LAST UPDATE DATE

2024-11-23T22:22:54.171000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-82228	date:	2016-12-28T00:00:00
db:	BID	id:	75902	date:	2015-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2015-003851	date:	2015-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201507-474	date:	2015-07-16T00:00:00
db:	NVD	id:	CVE-2015-4267	date:	2024-11-21T02:30:44.120

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-82228	date:	2015-07-15T00:00:00
db:	BID	id:	75902	date:	2015-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2015-003851	date:	2015-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201507-474	date:	2015-07-16T00:00:00
db:	NVD	id:	CVE-2015-4267	date:	2015-07-15T18:59:00.083