ID

VAR-201508-0488


CVE

CVE-2015-4319


TITLE

Cisco TelePresence Video Communication Server Expressway Management Web Interface vulnerable to password reset for any active user

Trust: 0.8

sources: JVNDB: JVNDB-2015-004347

DESCRIPTION

The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote authenticated users to reset arbitrary active-user passwords via unspecified vectors, aka Bug ID CSCuv12338. The vendor has confirmed this vulnerability and released it as Bug ID CSCuv12338. A remote authenticated user may reset the password of any active user. Attackers can exploit this issue to gain unauthorized access to the affected application, which may help in further attacks. This issue is being tracked by Cisco bug ID CSCuv12338. The vulnerability stems from the fact that the program does not perform authentication operations correctly. An attacker could exploit this vulnerability by sending a specially crafted packet to change a user's password.

Trust: 1.98

sources: NVD: CVE-2015-4319 // JVNDB: JVNDB-2015-004347 // BID: 76366 // VULHUB: VHN-82280

AFFECTED PRODUCTS

vendor: cisco, model: telepresence video communication server software, scope: eq, version: x8.5.1

Trust: 1.6

vendor: cisco, model: telepresence video communication server software, scope: eq, version: x8.5.1 (vcs expressway)

Trust: 0.8

vendor: cisco, model: telepresence video communication server expressway, scope: eq, version: x8.5.1

Trust: 0.3

sources: BID: 76366 // JVNDB: JVNDB-2015-004347 // CNNVD: CNNVD-201508-362 // NVD: CVE-2015-4319

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4319
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4319
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201508-362
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82280
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4319
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82280
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82280 // JVNDB: JVNDB-2015-004347 // CNNVD: CNNVD-201508-362 // NVD: CVE-2015-4319

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-82280 // JVNDB: JVNDB-2015-004347 // NVD: CVE-2015-4319

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-362

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201508-362

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004347

PATCH

title: 40442, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=40442

Trust: 0.8

sources: JVNDB: JVNDB-2015-004347

EXTERNAL IDS

db: NVD, id: CVE-2015-4319

Trust: 2.8

db: BID, id: 76366

Trust: 2.0

db: SECTRACK, id: 1033323

Trust: 1.1

db: JVNDB, id: JVNDB-2015-004347

Trust: 0.8

db: CNNVD, id: CNNVD-201508-362

Trust: 0.7

db: VULHUB, id: VHN-82280

Trust: 0.1

sources: VULHUB: VHN-82280 // BID: 76366 // JVNDB: JVNDB-2015-004347 // CNNVD: CNNVD-201508-362 // NVD: CVE-2015-4319

REFERENCES

url:http://www.securityfocus.com/bid/76366

Trust: 1.7

url:http://tools.cisco.com/security/center/viewalert.x?alertid=40442

Trust: 1.7

url:http://www.securitytracker.com/id/1033323

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4319

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4319

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://tools.cisco.com/security/center/viewalert.x?alertid=40442

Trust: 0.3

sources: VULHUB: VHN-82280 // BID: 76366 // JVNDB: JVNDB-2015-004347 // CNNVD: CNNVD-201508-362 // NVD: CVE-2015-4319

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 76366

SOURCES

db: VULHUB, id: VHN-82280
db: BID, id: 76366
db: JVNDB, id: JVNDB-2015-004347
db: CNNVD, id: CNNVD-201508-362
db: NVD, id: CVE-2015-4319

LAST UPDATE DATE

2024-11-23T22:22:53.670000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-82280, date: 2017-01-04T00:00:00
db: BID, id: 76366, date: 2015-08-14T00:00:00
db: JVNDB, id: JVNDB-2015-004347, date: 2015-08-25T00:00:00
db: CNNVD, id: CNNVD-201508-362, date: 2015-08-21T00:00:00
db: NVD, id: CVE-2015-4319, date: 2024-11-21T02:30:49.497

SOURCES RELEASE DATE

db: VULHUB, id: VHN-82280, date: 2015-08-20T00:00:00
db: BID, id: 76366, date: 2015-08-14T00:00:00
db: JVNDB, id: JVNDB-2015-004347, date: 2015-08-25T00:00:00
db: CNNVD, id: CNNVD-201508-362, date: 2015-08-19T00:00:00
db: NVD, id: CVE-2015-4319, date: 2015-08-20T10:59:08.903