Sign-up

ID

VAR-201508-0091


CVE

CVE-2015-6262


TITLE

Cisco Prime Infrastructure Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2015-004432

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059. Vendors have confirmed this vulnerability Bug ID CSCum49054 ,and CSCum49059 It is released as.A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug IDs CSCum49054 and CSCum49059

Trust: 1.98

sources: NVD: CVE-2015-6262 // JVNDB: JVNDB-2015-004432 // BID: 76469 // VULHUB: VHN-84223

AFFECTED PRODUCTS

vendor:ciscomodel:prime infrastructurescope:eqversion:1.2.0.103

Trust: 1.9

vendor:ciscomodel:prime infrastructurescope:eqversion:2.0

Trust: 1.0

vendor:ciscomodel:prime infrastructurescope:eqversion:2.0.0

Trust: 0.9

vendor:ciscomodel:prime infrastructurescope:eqversion:1.2 .0.103

Trust: 0.8

vendor:ciscomodel:prime infrastructurescope:eqversion:2.0 .0

Trust: 0.8

sources: BID: 76469 // JVNDB: JVNDB-2015-004432 // CNNVD: CNNVD-201508-535 // NVD: CVE-2015-6262

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6262
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6262
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201508-535
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84223
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6262
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84223
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84223 // JVNDB: JVNDB-2015-004432 // CNNVD: CNNVD-201508-535 // NVD: CVE-2015-6262

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-84223 // JVNDB: JVNDB-2015-004432 // NVD: CVE-2015-6262

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-535

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201508-535

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004432

PATCH
title:40652url:http://tools.cisco.com/security/center/viewAlert.x?alertId=40652
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004432

EXTERNAL IDS
db:NVDid:CVE-2015-6262
Trust: 2.8
db:SECTRACKid:1033364
Trust: 1.7
db:JVNDBid:JVNDB-2015-004432
Trust: 0.8
db:CNNVDid:CNNVD-201508-535
Trust: 0.7
db:BIDid:76469
Trust: 0.4
db:VULHUBid:VHN-84223
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84223 // 
            
            
            
            BID: 76469 // 
            
            
            
            JVNDB: JVNDB-2015-004432 // 
            
            
            
            CNNVD: CNNVD-201508-535 // 
            
            
            
            NVD: CVE-2015-6262

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=40652
Trust: 1.7
url:http://www.securitytracker.com/id/1033364
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6262
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6262
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://tools.cisco.com/security/center/viewalert.x?alertid=40652 
Trust: 0.3
sources:
            
            
            VULHUB: VHN-84223 // 
            
            
            
            BID: 76469 // 
            
            
            
            JVNDB: JVNDB-2015-004432 // 
            
            
            
            CNNVD: CNNVD-201508-535 // 
            
            
            
            NVD: CVE-2015-6262

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 76469

SOURCES
db:VULHUBid:VHN-84223
db:BIDid:76469
db:JVNDBid:JVNDB-2015-004432
db:CNNVDid:CNNVD-201508-535
db:NVDid:CVE-2015-6262

LAST UPDATE DATE
2024-11-23T21:43:58.594000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84223date:2019-07-29T00:00:00
db:BIDid:76469date:2015-08-24T00:00:00
db:JVNDBid:JVNDB-2015-004432date:2015-08-27T00:00:00
db:CNNVDid:CNNVD-201508-535date:2019-07-30T00:00:00
db:NVDid:CVE-2015-6262date:2024-11-21T02:34:39.863

SOURCES RELEASE DATE
db:VULHUBid:VHN-84223date:2015-08-25T00:00:00
db:BIDid:76469date:2015-08-24T00:00:00
db:JVNDBid:JVNDB-2015-004432date:2015-08-27T00:00:00
db:CNNVDid:CNNVD-201508-535date:2015-08-25T00:00:00
db:NVDid:CVE-2015-6262date:2015-08-25T01:59:10.790