Sign-up

ID

VAR-201508-0497


CVE

CVE-2015-4331


TITLE

Cisco Prime Infrastructure Vulnerable to access restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2015-004416

DESCRIPTION

Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA authentication is used, allows remote authenticated users to bypass intended access restrictions via a username with a modified composition of lowercase and uppercase characters, aka Bug ID CSum59958. An attacker can exploit this issue to gain elevated privileges on an affected device. This issue is being tracked by Cisco Bug ID CSum59958. The vulnerability is caused by the program storing case-sensitive usernames and performing case-sensitive string comparisons

Trust: 1.98

sources: NVD: CVE-2015-4331 // JVNDB: JVNDB-2015-004416 // BID: 76437 // VULHUB: VHN-82292

AFFECTED PRODUCTS

vendor:ciscomodel:prime infrastructurescope:lteversion:1.4.0.45

Trust: 1.0

vendor:ciscomodel:prime infrastructurescope:eqversion:1.4 .0.45

Trust: 0.8

vendor:ciscomodel:prime infrastructurescope:eqversion:1.4.0.45

Trust: 0.6

sources: JVNDB: JVNDB-2015-004416 // CNNVD: CNNVD-201508-474 // NVD: CVE-2015-4331

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4331
value: LOW

Trust: 1.0

NVD: CVE-2015-4331
value: LOW

Trust: 0.8

CNNVD: CNNVD-201508-474
value: LOW

Trust: 0.6

VULHUB: VHN-82292
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-4331
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82292
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82292 // JVNDB: JVNDB-2015-004416 // CNNVD: CNNVD-201508-474 // NVD: CVE-2015-4331

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-82292 // JVNDB: JVNDB-2015-004416 // NVD: CVE-2015-4331

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-474

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201508-474

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004416

PATCH
title:40553url:http://tools.cisco.com/security/center/viewAlert.x?alertId=40553
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004416

EXTERNAL IDS
db:NVDid:CVE-2015-4331
Trust: 2.8
db:SECTRACKid:1033356
Trust: 1.1
db:BIDid:76437
Trust: 1.0
db:JVNDBid:JVNDB-2015-004416
Trust: 0.8
db:CNNVDid:CNNVD-201508-474
Trust: 0.7
db:VULHUBid:VHN-82292
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82292 // 
            
            
            
            BID: 76437 // 
            
            
            
            JVNDB: JVNDB-2015-004416 // 
            
            
            
            CNNVD: CNNVD-201508-474 // 
            
            
            
            NVD: CVE-2015-4331

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=40553
Trust: 2.0
url:http://www.securitytracker.com/id/1033356
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4331
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4331
Trust: 0.8
url:http://www.securityfocus.com/bid/76437
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/c/en/us/products/cloud-systems-management/prime-infrastructure/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82292 // 
            
            
            
            BID: 76437 // 
            
            
            
            JVNDB: JVNDB-2015-004416 // 
            
            
            
            CNNVD: CNNVD-201508-474 // 
            
            
            
            NVD: CVE-2015-4331

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 76437 // 
            
            
            
            CNNVD: CNNVD-201508-474

SOURCES
db:VULHUBid:VHN-82292
db:BIDid:76437
db:JVNDBid:JVNDB-2015-004416
db:CNNVDid:CNNVD-201508-474
db:NVDid:CVE-2015-4331

LAST UPDATE DATE
2024-11-23T22:08:01.088000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82292date:2017-01-04T00:00:00
db:BIDid:76437date:2015-08-20T00:00:00
db:JVNDBid:JVNDB-2015-004416date:2015-08-26T00:00:00
db:CNNVDid:CNNVD-201508-474date:2015-08-24T00:00:00
db:NVDid:CVE-2015-4331date:2024-11-21T02:30:50.813

SOURCES RELEASE DATE
db:VULHUBid:VHN-82292date:2015-08-22T00:00:00
db:BIDid:76437date:2015-08-20T00:00:00
db:JVNDBid:JVNDB-2015-004416date:2015-08-26T00:00:00
db:CNNVDid:CNNVD-201508-474date:2015-08-21T00:00:00
db:NVDid:CVE-2015-4331date:2015-08-22T17:59:00.113