Sign-up

ID

VAR-201508-0483


CVE

CVE-2015-4314


TITLE

Cisco TelePresence Video Communication Server Expressway of System Snapshot Vulnerability to get password hash in function

Trust: 0.8

sources: JVNDB: JVNDB-2015-004342

DESCRIPTION

The System Snapshot feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 allows remote authenticated users to obtain sensitive password-hash information by reading the snapshot file, aka Bug ID CSCuv40422. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco BugId CSCuv40422. A remote attacker could exploit this vulnerability by downloading a snapshot file to crack password hashes

Trust: 1.98

sources: NVD: CVE-2015-4314 // JVNDB: JVNDB-2015-004342 // BID: 76326 // VULHUB: VHN-82275

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence video communication server softwarescope:eqversion:x8.5.1

Trust: 1.6

vendor:ciscomodel:telepresence video communication server softwarescope:eqversion:x8.5.1 (vcs expressway)

Trust: 0.8

vendor:ciscomodel:telepresence video communication server expresswayscope:eqversion:8.5.1

Trust: 0.3

sources: BID: 76326 // JVNDB: JVNDB-2015-004342 // CNNVD: CNNVD-201508-387 // NVD: CVE-2015-4314

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4314
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4314
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201508-387
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82275
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4314
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82275
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82275 // JVNDB: JVNDB-2015-004342 // CNNVD: CNNVD-201508-387 // NVD: CVE-2015-4314

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-82275 // JVNDB: JVNDB-2015-004342 // NVD: CVE-2015-4314

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-387

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201508-387

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004342

PATCH
title:40439url:http://tools.cisco.com/security/center/viewAlert.x?alertId=40439
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004342

EXTERNAL IDS
db:NVDid:CVE-2015-4314
Trust: 2.8
db:SECTRACKid:1033266
Trust: 1.1
db:BIDid:76326
Trust: 1.0
db:JVNDBid:JVNDB-2015-004342
Trust: 0.8
db:CNNVDid:CNNVD-201508-387
Trust: 0.7
db:VULHUBid:VHN-82275
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82275 // 
            
            
            
            BID: 76326 // 
            
            
            
            JVNDB: JVNDB-2015-004342 // 
            
            
            
            CNNVD: CNNVD-201508-387 // 
            
            
            
            NVD: CVE-2015-4314

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=40439
Trust: 2.0
url:http://www.securitytracker.com/id/1033266
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4314
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4314
Trust: 0.8
url:http://www.securityfocus.com/bid/76326
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82275 // 
            
            
            
            BID: 76326 // 
            
            
            
            JVNDB: JVNDB-2015-004342 // 
            
            
            
            CNNVD: CNNVD-201508-387 // 
            
            
            
            NVD: CVE-2015-4314

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 76326 // 
            
            
            
            CNNVD: CNNVD-201508-387

SOURCES
db:VULHUBid:VHN-82275
db:BIDid:76326
db:JVNDBid:JVNDB-2015-004342
db:CNNVDid:CNNVD-201508-387
db:NVDid:CVE-2015-4314

LAST UPDATE DATE
2024-11-23T22:38:47.470000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82275date:2017-09-21T00:00:00
db:BIDid:76326date:2015-08-12T00:00:00
db:JVNDBid:JVNDB-2015-004342date:2015-08-25T00:00:00
db:CNNVDid:CNNVD-201508-387date:2015-08-20T00:00:00
db:NVDid:CVE-2015-4314date:2024-11-21T02:30:48.913

SOURCES RELEASE DATE
db:VULHUBid:VHN-82275date:2015-08-20T00:00:00
db:BIDid:76326date:2015-08-12T00:00:00
db:JVNDBid:JVNDB-2015-004342date:2015-08-25T00:00:00
db:CNNVDid:CNNVD-201508-387date:2015-08-18T00:00:00
db:NVDid:CVE-2015-4314date:2015-08-20T00:59:00.123