Sign-up

ID

VAR-201509-0460


CVE

CVE-2015-4305


TITLE

Cisco Prime Collaboration Assurance of Web Vulnerability in the framework that prevents system database read restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2015-004937

DESCRIPTION

The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656. Cisco Prime Collaboration Assurance is prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow an attacker to gain access to sensitive information. This issue is being tracked by Cisco Bug ID CSCus62656. This solution supports simplified unified communication and video collaboration network management through a unified management console, and rapid deployment of communication sites. A remote attacker can exploit this vulnerability by sending a specially crafted URL to obtain any device information imported into the system database

Trust: 1.98

sources: NVD: CVE-2015-4305 // JVNDB: JVNDB-2015-004937 // BID: 76757 // VULHUB: VHN-82266

AFFECTED PRODUCTS

vendor:ciscomodel:prime collaboration assurancescope:eqversion:10.5.1

Trust: 1.9

vendor:ciscomodel:prime collaboration assurancescope:eqversion:10.5.0

Trust: 1.6

vendor:ciscomodel:prime collaboration assurancescope:eqversion:10.0.0

Trust: 1.6

vendor:ciscomodel:prime collaboration assurancescope:eqversion:9.5.0

Trust: 1.6

vendor:ciscomodel:prime collaboration assurancescope:eqversion:10.6.0

Trust: 1.6

vendor:ciscomodel:prime collaboration assurancescope:eqversion:9.0.0

Trust: 1.6

vendor:ciscomodel:prime collaboration assurancescope:eqversion:10.0 .0

Trust: 0.8

vendor:ciscomodel:prime collaboration assurancescope:eqversion:10.5 .0

Trust: 0.8

vendor:ciscomodel:prime collaboration assurancescope:eqversion:10.5 .1

Trust: 0.8

vendor:ciscomodel:prime collaboration assurancescope:eqversion:10.6 .0

Trust: 0.8

vendor:ciscomodel:prime collaboration assurancescope:eqversion:9.0 .0

Trust: 0.8

vendor:ciscomodel:prime collaboration assurancescope:eqversion:9.5 .0

Trust: 0.8

vendor:ciscomodel:prime collaboration assurancescope:eqversion:10.6

Trust: 0.3

vendor:ciscomodel:prime collaboration assurancescope:eqversion:10.5

Trust: 0.3

vendor:ciscomodel:prime collaboration assurancescope:eqversion:10.0

Trust: 0.3

vendor:ciscomodel:prime collaboration assurancescope:eqversion:9.5

Trust: 0.3

vendor:ciscomodel:prime collaboration assurancescope:eqversion:9.0

Trust: 0.3

vendor:ciscomodel:prime collaboration assurance mspscope:neversion:10.5.1

Trust: 0.3

vendor:ciscomodel:prime collaboration assurancescope:neversion:11.0

Trust: 0.3

sources: BID: 76757 // JVNDB: JVNDB-2015-004937 // CNNVD: CNNVD-201509-248 // NVD: CVE-2015-4305

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4305
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4305
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201509-248
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82266
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4305
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82266
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82266 // JVNDB: JVNDB-2015-004937 // CNNVD: CNNVD-201509-248 // NVD: CVE-2015-4305

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-82266 // JVNDB: JVNDB-2015-004937 // NVD: CVE-2015-4305

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-248

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201509-248

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004937

PATCH
title:cisco-sa-20150916-pcaurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pca
Trust: 0.8
title:40520url:http://tools.cisco.com/security/center/viewAlert.x?alertId=40520
Trust: 0.8
title:cisco-sa-20150916-pcaurl:http://www.cisco.com/cisco/web/support/JP/113/1135/1135304_cisco-sa-20150916-pca-j.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004937

EXTERNAL IDS
db:NVDid:CVE-2015-4305
Trust: 2.8
db:SECTRACKid:1033581
Trust: 1.1
db:BIDid:76757
Trust: 1.0
db:JVNDBid:JVNDB-2015-004937
Trust: 0.8
db:CNNVDid:CNNVD-201509-248
Trust: 0.7
db:VULHUBid:VHN-82266
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82266 // 
            
            
            
            BID: 76757 // 
            
            
            
            JVNDB: JVNDB-2015-004937 // 
            
            
            
            CNNVD: CNNVD-201509-248 // 
            
            
            
            NVD: CVE-2015-4305

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=40520
Trust: 2.0
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150916-pca
Trust: 2.0
url:http://www.securitytracker.com/id/1033581
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4305
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4305
Trust: 0.8
url:http://www.securityfocus.com/bid/76757
Trust: 0.6
url:http://www.cisco.com/en/us/products/ps12363/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82266 // 
            
            
            
            BID: 76757 // 
            
            
            
            JVNDB: JVNDB-2015-004937 // 
            
            
            
            CNNVD: CNNVD-201509-248 // 
            
            
            
            NVD: CVE-2015-4305

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 76757 // 
            
            
            
            CNNVD: CNNVD-201509-248

SOURCES
db:VULHUBid:VHN-82266
db:BIDid:76757
db:JVNDBid:JVNDB-2015-004937
db:CNNVDid:CNNVD-201509-248
db:NVDid:CVE-2015-4305

LAST UPDATE DATE
2024-11-23T22:07:58.958000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82266date:2017-01-04T00:00:00
db:BIDid:76757date:2015-09-16T00:00:00
db:JVNDBid:JVNDB-2015-004937date:2015-09-30T00:00:00
db:CNNVDid:CNNVD-201509-248date:2015-09-24T00:00:00
db:NVDid:CVE-2015-4305date:2024-11-21T02:30:48.340

SOURCES RELEASE DATE
db:VULHUBid:VHN-82266date:2015-09-20T00:00:00
db:BIDid:76757date:2015-09-16T00:00:00
db:JVNDBid:JVNDB-2015-004937date:2015-09-30T00:00:00
db:CNNVDid:CNNVD-201509-248date:2015-09-18T00:00:00
db:NVDid:CVE-2015-4305date:2015-09-20T01:59:01.847