Sign-up

ID

VAR-201508-0128


CVE

CVE-2015-6258


TITLE

Cisco Wireless LAN Controller Runs on device software Internet Access Point Protocol Vulnerability in module causing unauthorized traffic forwarding

Trust: 0.8

sources: JVNDB: JVNDB-2015-004418

DESCRIPTION

The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted IPv6 packets, aka Bug ID CSCuv40033. Cisco Wireless LAN Controller is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. This issue being tracked by Cisco Bug ID CSCuv40033. A security vulnerability exists in the IAPP module in Cisco WLC devices using version 8.1(104.37) software

Trust: 1.98

sources: NVD: CVE-2015-6258 // JVNDB: JVNDB-2015-004418 // BID: 76456 // VULHUB: VHN-84219

AFFECTED PRODUCTS

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:8.1.104.37

Trust: 1.6

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:8.1 .104.37

Trust: 0.8

vendor:ciscomodel:wireless lan controllerscope:eqversion:8.1.104.37

Trust: 0.3

sources: BID: 76456 // JVNDB: JVNDB-2015-004418 // CNNVD: CNNVD-201508-484 // NVD: CVE-2015-6258

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6258
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6258
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201508-484
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84219
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6258
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84219
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84219 // JVNDB: JVNDB-2015-004418 // CNNVD: CNNVD-201508-484 // NVD: CVE-2015-6258

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-84219 // JVNDB: JVNDB-2015-004418 // NVD: CVE-2015-6258

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-484

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201508-484

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004418

PATCH
title:40586url:http://tools.cisco.com/security/center/viewAlert.x?alertId=40586
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004418

EXTERNAL IDS
db:NVDid:CVE-2015-6258
Trust: 2.8
db:SECTRACKid:1033360
Trust: 1.1
db:JVNDBid:JVNDB-2015-004418
Trust: 0.8
db:CNNVDid:CNNVD-201508-484
Trust: 0.7
db:BIDid:76456
Trust: 0.4
db:VULHUBid:VHN-84219
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84219 // 
            
            
            
            BID: 76456 // 
            
            
            
            JVNDB: JVNDB-2015-004418 // 
            
            
            
            CNNVD: CNNVD-201508-484 // 
            
            
            
            NVD: CVE-2015-6258

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=40586
Trust: 2.0
url:http://www.securitytracker.com/id/1033360
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6258
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6258
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-84219 // 
            
            
            
            BID: 76456 // 
            
            
            
            JVNDB: JVNDB-2015-004418 // 
            
            
            
            CNNVD: CNNVD-201508-484 // 
            
            
            
            NVD: CVE-2015-6258

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 76456

SOURCES
db:VULHUBid:VHN-84219
db:BIDid:76456
db:JVNDBid:JVNDB-2015-004418
db:CNNVDid:CNNVD-201508-484
db:NVDid:CVE-2015-6258

LAST UPDATE DATE
2024-11-23T22:31:07.651000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84219date:2017-01-04T00:00:00
db:BIDid:76456date:2015-08-21T00:00:00
db:JVNDBid:JVNDB-2015-004418date:2015-08-26T00:00:00
db:CNNVDid:CNNVD-201508-484date:2015-08-27T00:00:00
db:NVDid:CVE-2015-6258date:2024-11-21T02:34:39.417

SOURCES RELEASE DATE
db:VULHUBid:VHN-84219date:2015-08-22T00:00:00
db:BIDid:76456date:2015-08-21T00:00:00
db:JVNDBid:JVNDB-2015-004418date:2015-08-26T00:00:00
db:CNNVDid:CNNVD-201508-484date:2015-08-24T00:00:00
db:NVDid:CVE-2015-6258date:2015-08-22T17:59:02.583