Sign-up

ID

VAR-201508-0489


CVE

CVE-2015-4320


TITLE

Cisco TelePresence Video Communication Server Expressway of Configuration Log File Vulnerabilities that can capture important information in components

Trust: 0.8

sources: JVNDB: JVNDB-2015-004348

DESCRIPTION

The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, aka Bug ID CSCuv12340. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug Id CSCuv12340. The vulnerability is caused by sensitive information contained in the log file

Trust: 1.98

sources: NVD: CVE-2015-4320 // JVNDB: JVNDB-2015-004348 // BID: 76350 // VULHUB: VHN-82281

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence video communication server softwarescope:eqversion:x8.5.2

Trust: 1.6

vendor:ciscomodel:telepresence video communication server softwarescope:eqversion:x8.5.2 (vcs expressway)

Trust: 0.8

vendor:ciscomodel:telepresence video communication server expresswayscope:eqversion:x8.5.2

Trust: 0.3

sources: BID: 76350 // JVNDB: JVNDB-2015-004348 // CNNVD: CNNVD-201508-372 // NVD: CVE-2015-4320

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4320
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4320
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201508-372
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82281
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4320
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82281
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82281 // JVNDB: JVNDB-2015-004348 // CNNVD: CNNVD-201508-372 // NVD: CVE-2015-4320

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-82281 // JVNDB: JVNDB-2015-004348 // NVD: CVE-2015-4320

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-372

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201508-372

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004348

PATCH
title:40441url:http://tools.cisco.com/security/center/viewAlert.x?alertId=40441
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004348

EXTERNAL IDS
db:NVDid:CVE-2015-4320
Trust: 2.8
db:BIDid:76350
Trust: 2.0
db:SECTRACKid:1033284
Trust: 1.1
db:JVNDBid:JVNDB-2015-004348
Trust: 0.8
db:CNNVDid:CNNVD-201508-372
Trust: 0.7
db:SEEBUGid:SSVID-89263
Trust: 0.1
db:VULHUBid:VHN-82281
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82281 // 
            
            
            
            BID: 76350 // 
            
            
            
            JVNDB: JVNDB-2015-004348 // 
            
            
            
            CNNVD: CNNVD-201508-372 // 
            
            
            
            NVD: CVE-2015-4320

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=40441
Trust: 2.0
url:http://www.securityfocus.com/bid/76350
Trust: 1.7
url:http://www.securitytracker.com/id/1033284
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4320
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4320
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82281 // 
            
            
            
            BID: 76350 // 
            
            
            
            JVNDB: JVNDB-2015-004348 // 
            
            
            
            CNNVD: CNNVD-201508-372 // 
            
            
            
            NVD: CVE-2015-4320

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 76350 // 
            
            
            
            CNNVD: CNNVD-201508-372

SOURCES
db:VULHUBid:VHN-82281
db:BIDid:76350
db:JVNDBid:JVNDB-2015-004348
db:CNNVDid:CNNVD-201508-372
db:NVDid:CVE-2015-4320

LAST UPDATE DATE
2024-11-23T22:52:42.928000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82281date:2017-09-21T00:00:00
db:BIDid:76350date:2015-08-13T00:00:00
db:JVNDBid:JVNDB-2015-004348date:2015-08-25T00:00:00
db:CNNVDid:CNNVD-201508-372date:2015-08-21T00:00:00
db:NVDid:CVE-2015-4320date:2024-11-21T02:30:49.610

SOURCES RELEASE DATE
db:VULHUBid:VHN-82281date:2015-08-20T00:00:00
db:BIDid:76350date:2015-08-13T00:00:00
db:JVNDBid:JVNDB-2015-004348date:2015-08-25T00:00:00
db:CNNVDid:CNNVD-201508-372date:2015-08-18T00:00:00
db:NVDid:CVE-2015-4320date:2015-08-20T00:59:03.873