Sign-up

ID

VAR-201509-0462


CVE

CVE-2015-4307


TITLE

Cisco Prime Collaboration Provisioning of Web Vulnerabilities that prevent access restrictions in the framework

Trust: 0.8

sources: JVNDB: JVNDB-2015-004939

DESCRIPTION

The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111. An attacker can exploit this issue to gain elevated privileges on an affected application. This issue is being tracked by Cisco Bug ID CSCut64111. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments

Trust: 2.07

sources: NVD: CVE-2015-4307 // JVNDB: JVNDB-2015-004939 // BID: 76760 // VULHUB: VHN-82268 // VULMON: CVE-2015-4307

AFFECTED PRODUCTS

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.5.1

Trust: 1.9

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.6.0

Trust: 1.6

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:9.0.0

Trust: 1.6

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.0.0

Trust: 1.6

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.5.0

Trust: 1.6

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:9.5.0

Trust: 1.6

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.0 .0

Trust: 0.8

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.5 .0

Trust: 0.8

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.5 .1

Trust: 0.8

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.6 .0

Trust: 0.8

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:9.0 .0

Trust: 0.8

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:9.5 .0

Trust: 0.8

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:9.5

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:9.0

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.6

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.5

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.0

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:neversion:11.0

Trust: 0.3

sources: BID: 76760 // JVNDB: JVNDB-2015-004939 // CNNVD: CNNVD-201509-245 // NVD: CVE-2015-4307

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4307
value: HIGH

Trust: 1.0

NVD: CVE-2015-4307
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201509-245
value: CRITICAL

Trust: 0.6

VULHUB: VHN-82268
value: HIGH

Trust: 0.1

VULMON: CVE-2015-4307
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-4307
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-82268
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82268 // VULMON: CVE-2015-4307 // JVNDB: JVNDB-2015-004939 // CNNVD: CNNVD-201509-245 // NVD: CVE-2015-4307

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-82268 // JVNDB: JVNDB-2015-004939 // NVD: CVE-2015-4307

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-245

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201509-245

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004939

PATCH
title:cisco-sa-20150916-pcpurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pcp
Trust: 0.8
title:40471url:http://tools.cisco.com/security/center/viewAlert.x?alertId=40471
Trust: 0.8
title:cisco-sa-20150916-pcpurl:http://www.cisco.com/cisco/web/support/JP/113/1135/1135305_cisco-sa-20150916-pcp-j.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004939

EXTERNAL IDS
db:NVDid:CVE-2015-4307
Trust: 2.9
db:SECTRACKid:1033579
Trust: 1.2
db:BIDid:76760
Trust: 1.1
db:JVNDBid:JVNDB-2015-004939
Trust: 0.8
db:CNNVDid:CNNVD-201509-245
Trust: 0.7
db:VULHUBid:VHN-82268
Trust: 0.1
db:VULMONid:CVE-2015-4307
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82268 // 
            
            
            
            VULMON: CVE-2015-4307 // 
            
            
            
            BID: 76760 // 
            
            
            
            JVNDB: JVNDB-2015-004939 // 
            
            
            
            CNNVD: CNNVD-201509-245 // 
            
            
            
            NVD: CVE-2015-4307

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150916-pcp
Trust: 2.1
url:http://www.securitytracker.com/id/1033579
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4307
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4307
Trust: 0.8
url:http://www.securityfocus.com/bid/76760
Trust: 0.7
url:http://www.cisco.com/
Trust: 0.3
url:http://tools.cisco.com/security/center/viewalert.x?alertid=40471
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/264.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82268 // 
            
            
            
            VULMON: CVE-2015-4307 // 
            
            
            
            BID: 76760 // 
            
            
            
            JVNDB: JVNDB-2015-004939 // 
            
            
            
            CNNVD: CNNVD-201509-245 // 
            
            
            
            NVD: CVE-2015-4307

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 76760 // 
            
            
            
            CNNVD: CNNVD-201509-245

SOURCES
db:VULHUBid:VHN-82268
db:VULMONid:CVE-2015-4307
db:BIDid:76760
db:JVNDBid:JVNDB-2015-004939
db:CNNVDid:CNNVD-201509-245
db:NVDid:CVE-2015-4307

LAST UPDATE DATE
2024-11-23T22:34:56.556000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82268date:2017-01-04T00:00:00
db:VULMONid:CVE-2015-4307date:2017-01-04T00:00:00
db:BIDid:76760date:2015-09-16T00:00:00
db:JVNDBid:JVNDB-2015-004939date:2015-09-30T00:00:00
db:CNNVDid:CNNVD-201509-245date:2015-09-25T00:00:00
db:NVDid:CVE-2015-4307date:2024-11-21T02:30:48.580

SOURCES RELEASE DATE
db:VULHUBid:VHN-82268date:2015-09-20T00:00:00
db:VULMONid:CVE-2015-4307date:2015-09-20T00:00:00
db:BIDid:76760date:2015-09-16T00:00:00
db:JVNDBid:JVNDB-2015-004939date:2015-09-30T00:00:00
db:CNNVDid:CNNVD-201509-245date:2015-09-18T00:00:00
db:NVDid:CVE-2015-4307date:2015-09-20T01:59:04.207