Details of VAR-201510-0015

ID

VAR-201510-0015

CVE

CVE-2015-6333

TITLE

Cisco Application Policy Infrastructure Controller Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2015-005329

DESCRIPTION

Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076. Cisco Application Policy Infrastructure Controller (APIC) Contains a privileged vulnerability. A local attacker may exploit this issue to gain elevated privileges on the affected system. This issue is being tracked by Cisco Bug ID CSCuw46076

Trust: 2.52

sources: NVD: CVE-2015-6333 // JVNDB: JVNDB-2015-005329 // CNVD: CNVD-2015-06705 // BID: 77111 // VULHUB: VHN-84294

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-06705

AFFECTED PRODUCTS

vendor:	cisco	model:	application policy infrastructure controller	scope:	eq	version:	1.1\(1j\)	Trust: 1.6
vendor:	cisco	model:	application policy infrastructure controller 1.1j	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	application policy infrastructure controller software	scope:	eq	version:	1.1j	Trust: 0.8

sources: CNVD: CNVD-2015-06705 // BID: 77111 // JVNDB: JVNDB-2015-005329 // CNNVD: CNNVD-201510-289 // NVD: CVE-2015-6333

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6333
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6333
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-06705
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201510-289
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-84294
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6333
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-06705
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-84294
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-06705 // VULHUB: VHN-84294 // JVNDB: JVNDB-2015-005329 // CNNVD: CNNVD-201510-289 // NVD: CVE-2015-6333

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-84294 // JVNDB: JVNDB-2015-005329 // NVD: CVE-2015-6333

THREAT TYPE

local

Trust: 0.9

sources: BID: 77111 // CNNVD: CNNVD-201510-289

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201510-289

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005329

PATCH

title:	cisco-sa-20151012-apic	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151012-apic	Trust: 0.8
title:	Patch for Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/65529	Trust: 0.6
title:	Cisco Application Policy Infrastructure Controller Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58137	Trust: 0.6

sources: CNVD: CNVD-2015-06705 // JVNDB: JVNDB-2015-005329 // CNNVD: CNNVD-201510-289

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6333	Trust: 3.4
db:	SECTRACK	id:	1033793	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-005329	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-289	Trust: 0.7
db:	CNVD	id:	CNVD-2015-06705	Trust: 0.6
db:	BID	id:	77111	Trust: 0.4
db:	VULHUB	id:	VHN-84294	Trust: 0.1

sources: CNVD: CNVD-2015-06705 // VULHUB: VHN-84294 // BID: 77111 // JVNDB: JVNDB-2015-005329 // CNNVD: CNNVD-201510-289 // NVD: CVE-2015-6333

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151012-apic	Trust: 2.6
url:	http://www.securitytracker.com/id/1033793	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6333	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6333	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-06705 // VULHUB: VHN-84294 // BID: 77111 // JVNDB: JVNDB-2015-005329 // CNNVD: CNNVD-201510-289 // NVD: CVE-2015-6333

CREDITS

Cisco

Trust: 0.3

sources: BID: 77111

SOURCES

db:	CNVD	id:	CNVD-2015-06705
db:	VULHUB	id:	VHN-84294
db:	BID	id:	77111
db:	JVNDB	id:	JVNDB-2015-005329
db:	CNNVD	id:	CNNVD-201510-289
db:	NVD	id:	CVE-2015-6333

LAST UPDATE DATE

2024-11-23T21:54:50.487000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-06705	date:	2015-10-22T00:00:00
db:	VULHUB	id:	VHN-84294	date:	2016-12-09T00:00:00
db:	BID	id:	77111	date:	2015-10-12T00:00:00
db:	JVNDB	id:	JVNDB-2015-005329	date:	2015-10-19T00:00:00
db:	CNNVD	id:	CNNVD-201510-289	date:	2015-10-16T00:00:00
db:	NVD	id:	CVE-2015-6333	date:	2024-11-21T02:34:48.447

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-06705	date:	2015-10-21T00:00:00
db:	VULHUB	id:	VHN-84294	date:	2015-10-16T00:00:00
db:	BID	id:	77111	date:	2015-10-12T00:00:00
db:	JVNDB	id:	JVNDB-2015-005329	date:	2015-10-19T00:00:00
db:	CNNVD	id:	CNNVD-201510-289	date:	2015-10-16T00:00:00
db:	NVD	id:	CVE-2015-6333	date:	2015-10-16T01:59:05.857