Sign-up

ID

VAR-201509-0020


CVE

CVE-2015-6300


TITLE

Cisco Secure Access Control Server Solution Engine Service operation disruption (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-004946

DESCRIPTION

Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694. Attackers can exploit this issue to cause the SSH screen process to unexpectedly terminate, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCuw24694. This solution provides functions such as centralized management of access types, devices, and user groups for accessing network resources

Trust: 1.98

sources: NVD: CVE-2015-6300 // JVNDB: JVNDB-2015-004946 // BID: 76786 // VULHUB: VHN-84261

AFFECTED PRODUCTS

vendor:ciscomodel:secure access control serverscope:eqversion:5.7.0.15

Trust: 1.6

vendor:ciscomodel:secure access control server solution enginescope:eqversion:5.7 .0.15

Trust: 0.8

vendor:ciscomodel:secure access control server solution enginescope:eqversion:5.7.0.15

Trust: 0.3

sources: BID: 76786 // JVNDB: JVNDB-2015-004946 // CNNVD: CNNVD-201509-383 // NVD: CVE-2015-6300

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6300
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6300
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201509-383
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84261
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6300
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84261
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84261 // JVNDB: JVNDB-2015-004946 // CNNVD: CNNVD-201509-383 // NVD: CVE-2015-6300

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-84261 // JVNDB: JVNDB-2015-004946 // NVD: CVE-2015-6300

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-383

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201509-383

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004946

PATCH
title:41087url:http://tools.cisco.com/security/center/viewAlert.x?alertId=41087
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004946

EXTERNAL IDS
db:NVDid:CVE-2015-6300
Trust: 2.8
db:SECTRACKid:1033615
Trust: 1.1
db:JVNDBid:JVNDB-2015-004946
Trust: 0.8
db:CNNVDid:CNNVD-201509-383
Trust: 0.7
db:BIDid:76786
Trust: 0.4
db:VULHUBid:VHN-84261
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84261 // 
            
            
            
            BID: 76786 // 
            
            
            
            JVNDB: JVNDB-2015-004946 // 
            
            
            
            CNNVD: CNNVD-201509-383 // 
            
            
            
            NVD: CVE-2015-6300

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=41087
Trust: 2.0
url:http://www.securitytracker.com/id/1033615
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6300
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6300
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps9911/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-84261 // 
            
            
            
            BID: 76786 // 
            
            
            
            JVNDB: JVNDB-2015-004946 // 
            
            
            
            CNNVD: CNNVD-201509-383 // 
            
            
            
            NVD: CVE-2015-6300

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 76786

SOURCES
db:VULHUBid:VHN-84261
db:BIDid:76786
db:JVNDBid:JVNDB-2015-004946
db:CNNVDid:CNNVD-201509-383
db:NVDid:CVE-2015-6300

LAST UPDATE DATE
2024-11-23T22:08:00.659000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84261date:2016-12-29T00:00:00
db:BIDid:76786date:2015-09-18T00:00:00
db:JVNDBid:JVNDB-2015-004946date:2015-09-30T00:00:00
db:CNNVDid:CNNVD-201509-383date:2015-09-24T00:00:00
db:NVDid:CVE-2015-6300date:2024-11-21T02:34:43.943

SOURCES RELEASE DATE
db:VULHUBid:VHN-84261date:2015-09-20T00:00:00
db:BIDid:76786date:2015-09-18T00:00:00
db:JVNDBid:JVNDB-2015-004946date:2015-09-30T00:00:00
db:CNNVDid:CNNVD-201509-383date:2015-09-21T00:00:00
db:NVDid:CVE-2015-6300date:2015-09-20T14:59:05.960