Details of VAR-201509-0017

ID

VAR-201509-0017

CVE

CVE-2015-6296

TITLE

Cisco Prime Network Registrar In root Vulnerabilities that gain access to

Trust: 0.8

sources: JVNDB: JVNDB-2015-004943

DESCRIPTION

Cisco Prime Network Registrar (CPNR) 8.1(3.3), 8.2(3), and 8.3(2) has a default account, which allows local users to obtain root access by leveraging knowledge of the credentials, aka Bug ID CSCuw21825. A local attacker may exploit this issue to gain root privileges on the affected device; this can also result in the attacker gaining complete control of the affected system. This issue is being tracked by Cisco Bug ID CSCuw21825. The product provides services such as Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS) and IP Address Management (IPAM). There is a security vulnerability in CPNR, which originates from the default account in the program

Trust: 1.98

sources: NVD: CVE-2015-6296 // JVNDB: JVNDB-2015-004943 // BID: 76779 // VULHUB: VHN-84257

AFFECTED PRODUCTS

vendor:	cisco	model:	prime network registrar	scope:	eq	version:	8.3.2	Trust: 1.6
vendor:	cisco	model:	prime network registrar	scope:	eq	version:	8.2.3	Trust: 1.6
vendor:	cisco	model:	prime network registrar	scope:	eq	version:	8.1.3.3	Trust: 1.6
vendor:	cisco	model:	prime network registrar	scope:	eq	version:	8.1 .3.3	Trust: 0.8
vendor:	cisco	model:	prime network registrar	scope:	eq	version:	8.2 .3	Trust: 0.8
vendor:	cisco	model:	prime network registrar	scope:	eq	version:	8.3 .2	Trust: 0.8
vendor:	cisco	model:	prime network registrar	scope:	eq	version:	8.3(2)	Trust: 0.3
vendor:	cisco	model:	prime network registrar	scope:	eq	version:	8.2(3)	Trust: 0.3
vendor:	cisco	model:	prime network registrar	scope:	eq	version:	8.1(3.3)	Trust: 0.3

sources: BID: 76779 // JVNDB: JVNDB-2015-004943 // CNNVD: CNNVD-201509-376 // NVD: CVE-2015-6296

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6296
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-6296
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201509-376
value:	HIGH
Trust: 0.6
VULHUB:	VHN-84257
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-6296
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-84257
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-84257 // JVNDB: JVNDB-2015-004943 // CNNVD: CNNVD-201509-376 // NVD: CVE-2015-6296

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-84257 // JVNDB: JVNDB-2015-004943 // NVD: CVE-2015-6296

THREAT TYPE

local

Trust: 0.9

sources: BID: 76779 // CNNVD: CNNVD-201509-376

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201509-376

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004943

PATCH

title:

41041

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=41041

Trust: 0.8

sources: JVNDB: JVNDB-2015-004943

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6296	Trust: 2.8
db:	SECTRACK	id:	1033613	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-004943	Trust: 0.8
db:	CNNVD	id:	CNNVD-201509-376	Trust: 0.7
db:	BID	id:	76779	Trust: 0.4
db:	VULHUB	id:	VHN-84257	Trust: 0.1

sources: VULHUB: VHN-84257 // BID: 76779 // JVNDB: JVNDB-2015-004943 // CNNVD: CNNVD-201509-376 // NVD: CVE-2015-6296

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=41041	Trust: 2.0
url:	http://www.securitytracker.com/id/1033613	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6296	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6296	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-84257 // BID: 76779 // JVNDB: JVNDB-2015-004943 // CNNVD: CNNVD-201509-376 // NVD: CVE-2015-6296

CREDITS

Cisco

Trust: 0.3

sources: BID: 76779

SOURCES

db:	VULHUB	id:	VHN-84257
db:	BID	id:	76779
db:	JVNDB	id:	JVNDB-2015-004943
db:	CNNVD	id:	CNNVD-201509-376
db:	NVD	id:	CVE-2015-6296

LAST UPDATE DATE

2024-11-23T22:18:22.887000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84257	date:	2016-12-29T00:00:00
db:	BID	id:	76779	date:	2015-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2015-004943	date:	2015-09-30T00:00:00
db:	CNNVD	id:	CNNVD-201509-376	date:	2015-09-24T00:00:00
db:	NVD	id:	CVE-2015-6296	date:	2024-11-21T02:34:43.460

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84257	date:	2015-09-18T00:00:00
db:	BID	id:	76779	date:	2015-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2015-004943	date:	2015-09-30T00:00:00
db:	CNNVD	id:	CNNVD-201509-376	date:	2015-09-21T00:00:00
db:	NVD	id:	CVE-2015-6296	date:	2015-09-18T22:59:03.217