Sign-up

ID

VAR-201508-0129


CVE

CVE-2015-6261


TITLE

Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability

Trust: 0.9

sources: BID: 76481 // CNNVD: CNNVD-201508-536

DESCRIPTION

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531. An attacker can exploit this issue to gain access to sensitive information that may help in further attacks. This issue is being tracked by Cisco Bug Id CSCuv78531

Trust: 1.98

sources: NVD: CVE-2015-6261 // JVNDB: JVNDB-2015-004464 // BID: 76481 // VULHUB: VHN-84222

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence video communication server softwarescope:eqversion:x8.5.2

Trust: 1.6

vendor:ciscomodel:telepresence video communication server softwarescope:eqversion:x8.5 .2

Trust: 0.8

vendor:ciscomodel:telepresence video communication server expresswayscope:eqversion:x8.5.2

Trust: 0.3

sources: BID: 76481 // JVNDB: JVNDB-2015-004464 // CNNVD: CNNVD-201508-536 // NVD: CVE-2015-6261

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6261
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6261
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201508-536
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84222
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6261
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84222
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84222 // JVNDB: JVNDB-2015-004464 // CNNVD: CNNVD-201508-536 // NVD: CVE-2015-6261

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-84222 // JVNDB: JVNDB-2015-004464 // NVD: CVE-2015-6261

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-536

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201508-536

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004464

PATCH
title:40620url:http://tools.cisco.com/security/center/viewAlert.x?alertId=40620
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004464

EXTERNAL IDS
db:NVDid:CVE-2015-6261
Trust: 2.8
db:SECTRACKid:1033379
Trust: 1.1
db:JVNDBid:JVNDB-2015-004464
Trust: 0.8
db:CNNVDid:CNNVD-201508-536
Trust: 0.7
db:BIDid:76481
Trust: 0.4
db:VULHUBid:VHN-84222
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84222 // 
            
            
            
            BID: 76481 // 
            
            
            
            JVNDB: JVNDB-2015-004464 // 
            
            
            
            CNNVD: CNNVD-201508-536 // 
            
            
            
            NVD: CVE-2015-6261

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=40620
Trust: 1.7
url:http://www.securitytracker.com/id/1033379
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6261
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6261
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151210-tvcs
Trust: 0.3
sources:
            
            
            VULHUB: VHN-84222 // 
            
            
            
            BID: 76481 // 
            
            
            
            JVNDB: JVNDB-2015-004464 // 
            
            
            
            CNNVD: CNNVD-201508-536 // 
            
            
            
            NVD: CVE-2015-6261

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 76481

SOURCES
db:VULHUBid:VHN-84222
db:BIDid:76481
db:JVNDBid:JVNDB-2015-004464
db:CNNVDid:CNNVD-201508-536
db:NVDid:CVE-2015-6261

LAST UPDATE DATE
2024-11-23T22:59:32.208000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84222date:2017-01-04T00:00:00
db:BIDid:76481date:2015-08-25T00:00:00
db:JVNDBid:JVNDB-2015-004464date:2015-08-28T00:00:00
db:CNNVDid:CNNVD-201508-536date:2015-08-27T00:00:00
db:NVDid:CVE-2015-6261date:2024-11-21T02:34:39.757

SOURCES RELEASE DATE
db:VULHUBid:VHN-84222date:2015-08-26T00:00:00
db:BIDid:76481date:2015-08-25T00:00:00
db:JVNDBid:JVNDB-2015-004464date:2015-08-28T00:00:00
db:CNNVDid:CNNVD-201508-536date:2015-08-27T00:00:00
db:NVDid:CVE-2015-6261date:2015-08-26T14:59:00.130