Details of VAR-201510-0009

ID

VAR-201510-0009

CVE

CVE-2015-6318

TITLE

Cisco TelePresence Video Communication Server Expressway Vulnerable to arbitrary file writing

Trust: 0.8

sources: JVNDB: JVNDB-2015-005196

DESCRIPTION

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 and X8.5.2 allows local users to write to arbitrary files via an unspecified symlink attack, aka Bug ID CSCuv11969. Attackers can exploit this issue to perform symbolic-link attacks, overwriting arbitrary files and perform unauthorized actions. This issue is being tracked by Cisco Bug ID CSCuv11969

Trust: 1.98

sources: NVD: CVE-2015-6318 // JVNDB: JVNDB-2015-005196 // BID: 77056 // VULHUB: VHN-84279

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.5.2	Trust: 1.6
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.5.1	Trust: 1.6
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	expressway x8.5.1	Trust: 0.8
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	expressway x8.5.2	Trust: 0.8
vendor:	cisco	model:	telepresence video communication server expressway	scope:	eq	version:	x8.5.2	Trust: 0.3

sources: BID: 77056 // JVNDB: JVNDB-2015-005196 // CNNVD: CNNVD-201510-147 // NVD: CVE-2015-6318

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6318
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6318
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201510-147
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-84279
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6318
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-84279
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-84279 // JVNDB: JVNDB-2015-005196 // CNNVD: CNNVD-201510-147 // NVD: CVE-2015-6318

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-84279 // JVNDB: JVNDB-2015-005196 // NVD: CVE-2015-6318

THREAT TYPE

local

Trust: 0.9

sources: BID: 77056 // CNNVD: CNNVD-201510-147

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201510-147

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005196

PATCH

title:

cisco-sa-20151007-vcs

url:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151007-vcs

Trust: 0.8

sources: JVNDB: JVNDB-2015-005196

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6318	Trust: 2.8
db:	SECTRACK	id:	1033781	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-005196	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-147	Trust: 0.7
db:	BID	id:	77056	Trust: 0.4
db:	VULHUB	id:	VHN-84279	Trust: 0.1

sources: VULHUB: VHN-84279 // BID: 77056 // JVNDB: JVNDB-2015-005196 // CNNVD: CNNVD-201510-147 // NVD: CVE-2015-6318

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151007-vcs	Trust: 2.0
url:	http://www.securitytracker.com/id/1033781	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6318	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6318	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-84279 // BID: 77056 // JVNDB: JVNDB-2015-005196 // CNNVD: CNNVD-201510-147 // NVD: CVE-2015-6318

CREDITS

Cisco

Trust: 0.3

sources: BID: 77056

SOURCES

db:	VULHUB	id:	VHN-84279
db:	BID	id:	77056
db:	JVNDB	id:	JVNDB-2015-005196
db:	CNNVD	id:	CNNVD-201510-147
db:	NVD	id:	CVE-2015-6318

LAST UPDATE DATE

2024-11-23T22:56:24.196000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84279	date:	2017-01-04T00:00:00
db:	BID	id:	77056	date:	2015-10-07T00:00:00
db:	JVNDB	id:	JVNDB-2015-005196	date:	2015-10-14T00:00:00
db:	CNNVD	id:	CNNVD-201510-147	date:	2015-10-16T00:00:00
db:	NVD	id:	CVE-2015-6318	date:	2024-11-21T02:34:46.447

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84279	date:	2015-10-12T00:00:00
db:	BID	id:	77056	date:	2015-10-07T00:00:00
db:	JVNDB	id:	JVNDB-2015-005196	date:	2015-10-14T00:00:00
db:	CNNVD	id:	CNNVD-201510-147	date:	2015-10-13T00:00:00
db:	NVD	id:	CVE-2015-6318	date:	2015-10-12T10:59:09.210