Sign-up

ID

VAR-201510-0012


CVE

CVE-2015-6329


TITLE

Cisco Prime Collaboration Provisioning In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-005192

DESCRIPTION

SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue being tracked by Cisco Bug ID CSCut64074. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments

Trust: 1.98

sources: NVD: CVE-2015-6329 // JVNDB: JVNDB-2015-005192 // BID: 77050 // VULHUB: VHN-84290

AFFECTED PRODUCTS

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.6.0

Trust: 1.6

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.0.0

Trust: 1.6

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.0

Trust: 1.1

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.6

Trust: 1.1

sources: BID: 77050 // JVNDB: JVNDB-2015-005192 // CNNVD: CNNVD-201510-149 // NVD: CVE-2015-6329

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6329
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6329
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201510-149
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84290
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6329
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84290
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84290 // JVNDB: JVNDB-2015-005192 // CNNVD: CNNVD-201510-149 // NVD: CVE-2015-6329

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-84290 // JVNDB: JVNDB-2015-005192 // NVD: CVE-2015-6329

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-149

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201510-149

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005192

PATCH
title:cisco-sa-20151008-pcpurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pcp
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-005192

EXTERNAL IDS
db:NVDid:CVE-2015-6329
Trust: 2.8
db:SECTRACKid:1033783
Trust: 1.1
db:JVNDBid:JVNDB-2015-005192
Trust: 0.8
db:CNNVDid:CNNVD-201510-149
Trust: 0.7
db:BIDid:77050
Trust: 0.4
db:VULHUBid:VHN-84290
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84290 // 
            
            
            
            BID: 77050 // 
            
            
            
            JVNDB: JVNDB-2015-005192 // 
            
            
            
            CNNVD: CNNVD-201510-149 // 
            
            
            
            NVD: CVE-2015-6329

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151008-pcp
Trust: 2.0
url:http://www.securitytracker.com/id/1033783
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6329
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6329
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps12363/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-84290 // 
            
            
            
            BID: 77050 // 
            
            
            
            JVNDB: JVNDB-2015-005192 // 
            
            
            
            CNNVD: CNNVD-201510-149 // 
            
            
            
            NVD: CVE-2015-6329

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 77050

SOURCES
db:VULHUBid:VHN-84290
db:BIDid:77050
db:JVNDBid:JVNDB-2015-005192
db:CNNVDid:CNNVD-201510-149
db:NVDid:CVE-2015-6329

LAST UPDATE DATE
2024-11-23T22:34:56.495000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84290date:2016-12-09T00:00:00
db:BIDid:77050date:2015-10-08T00:00:00
db:JVNDBid:JVNDB-2015-005192date:2015-10-14T00:00:00
db:CNNVDid:CNNVD-201510-149date:2015-10-13T00:00:00
db:NVDid:CVE-2015-6329date:2024-11-21T02:34:48.003

SOURCES RELEASE DATE
db:VULHUBid:VHN-84290date:2015-10-12T00:00:00
db:BIDid:77050date:2015-10-08T00:00:00
db:JVNDBid:JVNDB-2015-005192date:2015-10-14T00:00:00
db:CNNVDid:CNNVD-201510-149date:2015-10-13T00:00:00
db:NVDid:CVE-2015-6329date:2015-10-12T10:59:11.430