Sign-up

ID

VAR-201510-0011


CVE

CVE-2015-6328


TITLE

Cisco Prime Collaboration Assurance of Web Vulnerabilities that prevent access restrictions in the framework

Trust: 0.8

sources: JVNDB: JVNDB-2015-005197

DESCRIPTION

The web framework in Cisco Prime Collaboration Assurance (PCA) 10.5(1) allows remote authenticated users to bypass intended access restrictions and read arbitrary files via a crafted URL, aka Bug ID CSCus88380. Cisco Prime Collaboration Assurance is prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow an attacker to gain access to sensitive information. This issue is being tracked by Cisco Bug IDs CSCus62680 and CSCus88380. This solution supports simplified unified communication and video collaboration network management through a unified management console, and rapid deployment of communication sites. A security vulnerability exists in the web framework of Cisco PCA 10.5(1) release

Trust: 1.98

sources: NVD: CVE-2015-6328 // JVNDB: JVNDB-2015-005197 // BID: 77051 // VULHUB: VHN-84289

AFFECTED PRODUCTS

vendor:ciscomodel:prime collaboration assurancescope:eqversion:10.5.1

Trust: 1.6

vendor:ciscomodel:prime collaboration assurancescope:eqversion:10.5(1)

Trust: 1.1

sources: BID: 77051 // JVNDB: JVNDB-2015-005197 // CNNVD: CNNVD-201510-152 // NVD: CVE-2015-6328

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6328
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6328
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201510-152
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84289
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6328
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84289
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84289 // JVNDB: JVNDB-2015-005197 // CNNVD: CNNVD-201510-152 // NVD: CVE-2015-6328

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-84289 // JVNDB: JVNDB-2015-005197 // NVD: CVE-2015-6328

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-152

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201510-152

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005197

PATCH
title:cisco-sa-20151008-pcaurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca
Trust: 0.8
title:Cisco Prime Collaboration Assurance Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58002
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-005197 // 
            
            
            
            CNNVD: CNNVD-201510-152

EXTERNAL IDS
db:NVDid:CVE-2015-6328
Trust: 2.8
db:SECTRACKid:1033784
Trust: 1.1
db:JVNDBid:JVNDB-2015-005197
Trust: 0.8
db:CNNVDid:CNNVD-201510-152
Trust: 0.7
db:BIDid:77051
Trust: 0.4
db:VULHUBid:VHN-84289
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84289 // 
            
            
            
            BID: 77051 // 
            
            
            
            JVNDB: JVNDB-2015-005197 // 
            
            
            
            CNNVD: CNNVD-201510-152 // 
            
            
            
            NVD: CVE-2015-6328

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151008-pca
Trust: 1.7
url:http://www.securitytracker.com/id/1033784
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6328
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6328
Trust: 0.8
url:http://www.cisco.com/en/us/products/ps12363/index.html
Trust: 0.3
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151008-pca 
Trust: 0.3
sources:
            
            
            VULHUB: VHN-84289 // 
            
            
            
            BID: 77051 // 
            
            
            
            JVNDB: JVNDB-2015-005197 // 
            
            
            
            CNNVD: CNNVD-201510-152 // 
            
            
            
            NVD: CVE-2015-6328

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 77051

SOURCES
db:VULHUBid:VHN-84289
db:BIDid:77051
db:JVNDBid:JVNDB-2015-005197
db:CNNVDid:CNNVD-201510-152
db:NVDid:CVE-2015-6328

LAST UPDATE DATE
2024-11-23T22:07:58.897000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84289date:2016-12-09T00:00:00
db:BIDid:77051date:2015-10-08T00:00:00
db:JVNDBid:JVNDB-2015-005197date:2015-10-14T00:00:00
db:CNNVDid:CNNVD-201510-152date:2015-10-16T00:00:00
db:NVDid:CVE-2015-6328date:2024-11-21T02:34:47.867

SOURCES RELEASE DATE
db:VULHUBid:VHN-84289date:2015-10-13T00:00:00
db:BIDid:77051date:2015-10-08T00:00:00
db:JVNDBid:JVNDB-2015-005197date:2015-10-14T00:00:00
db:CNNVDid:CNNVD-201510-152date:2015-10-13T00:00:00
db:NVDid:CVE-2015-6328date:2015-10-13T00:59:01.543