Sign-up

ID

VAR-201508-0503


CVE

CVE-2015-4295


TITLE

Cisco Unified Communications Manager of Prime Collaboration Deployment component In root Vulnerabilities that can be used to obtain authentication information

Trust: 0.8

sources: JVNDB: JVNDB-2015-003965

DESCRIPTION

The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco BugId CSCuv21819. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. Prime Collaboration Deployment is one of the enterprise collaboration network management solution components

Trust: 1.98

sources: NVD: CVE-2015-4295 // JVNDB: JVNDB-2015-003965 // BID: 76123 // VULHUB: VHN-82256

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications managerscope:eqversion:10.5\(3.10000.9\)

Trust: 1.6

vendor:ciscomodel:unified communications managerscope:eqversion:10.5(3.10000.9)

Trust: 1.1

sources: BID: 76123 // JVNDB: JVNDB-2015-003965 // CNNVD: CNNVD-201507-849 // NVD: CVE-2015-4295

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4295
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4295
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201507-849
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82256
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4295
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82256
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82256 // JVNDB: JVNDB-2015-003965 // CNNVD: CNNVD-201507-849 // NVD: CVE-2015-4295

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-82256 // JVNDB: JVNDB-2015-003965 // NVD: CVE-2015-4295

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-849

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201507-849

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003965

PATCH
title:40223url:http://tools.cisco.com/security/center/viewAlert.x?alertId=40223
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003965

EXTERNAL IDS
db:NVDid:CVE-2015-4295
Trust: 2.8
db:SECTRACKid:1033174
Trust: 1.1
db:JVNDBid:JVNDB-2015-003965
Trust: 0.8
db:CNNVDid:CNNVD-201507-849
Trust: 0.7
db:BIDid:76123
Trust: 0.4
db:VULHUBid:VHN-82256
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82256 // 
            
            
            
            BID: 76123 // 
            
            
            
            JVNDB: JVNDB-2015-003965 // 
            
            
            
            CNNVD: CNNVD-201507-849 // 
            
            
            
            NVD: CVE-2015-4295

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=40223
Trust: 2.0
url:http://www.securitytracker.com/id/1033174
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4295
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4295
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82256 // 
            
            
            
            BID: 76123 // 
            
            
            
            JVNDB: JVNDB-2015-003965 // 
            
            
            
            CNNVD: CNNVD-201507-849 // 
            
            
            
            NVD: CVE-2015-4295

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 76123

SOURCES
db:VULHUBid:VHN-82256
db:BIDid:76123
db:JVNDBid:JVNDB-2015-003965
db:CNNVDid:CNNVD-201507-849
db:NVDid:CVE-2015-4295

LAST UPDATE DATE
2024-11-23T21:54:54.774000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82256date:2015-08-21T00:00:00
db:BIDid:76123date:2015-07-30T00:00:00
db:JVNDBid:JVNDB-2015-003965date:2015-08-04T00:00:00
db:CNNVDid:CNNVD-201507-849date:2015-08-06T00:00:00
db:NVDid:CVE-2015-4295date:2024-11-21T02:30:47.283

SOURCES RELEASE DATE
db:VULHUBid:VHN-82256date:2015-08-01T00:00:00
db:BIDid:76123date:2015-07-30T00:00:00
db:JVNDBid:JVNDB-2015-003965date:2015-08-04T00:00:00
db:CNNVDid:CNNVD-201507-849date:2015-07-31T00:00:00
db:NVDid:CVE-2015-4295date:2015-08-01T01:59:18.693