Sign-up

ID

VAR-201510-0017


CVE

CVE-2015-6335


TITLE

VMware for Cisco FireSIGHT Management Center Vulnerabilities that can bypass policy restrictions in the implementation of policy

Trust: 0.8

sources: JVNDB: JVNDB-2015-005603

DESCRIPTION

The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839. The Cisco FireSIGHT Management Center centrally manages the network security and operational features of Cisco ASA with FirePOWER Services and Cisco FirePOWER appliances. Attackers can exploit this issue to bypass security restrictions to perform unauthorized actions; this may aid in launching further attacks. This issue is being tracked by Cisco Bug ID CSCuw12839

Trust: 2.52

sources: NVD: CVE-2015-6335 // JVNDB: JVNDB-2015-005603 // CNVD: CNVD-2015-06866 // BID: 77124 // VULHUB: VHN-84296

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-06866

AFFECTED PRODUCTS

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.1.7

Trust: 2.4

vendor:ciscomodel:firesight system softwarescope:eqversion:5.4.0.4

Trust: 2.4

vendor:ciscomodel:firesight system softwarescope:eqversion:6.0.0

Trust: 2.4

vendor:ciscomodel:firesight management centerscope:eqversion:5.3.1.7

Trust: 0.6

vendor:ciscomodel:firesight management centerscope:eqversion:5.4.0.4

Trust: 0.6

vendor:ciscomodel:firesight management centerscope:eqversion:6.0.0

Trust: 0.6

vendor:ciscomodel:firesight management center for vmwarescope:eqversion:6.0

Trust: 0.3

vendor:ciscomodel:firesight management center for vmwarescope:eqversion:5.4.0.4

Trust: 0.3

vendor:ciscomodel:firesight management center for vmwarescope:eqversion:5.3.1.7

Trust: 0.3

sources: CNVD: CNVD-2015-06866 // BID: 77124 // JVNDB: JVNDB-2015-005603 // CNNVD: CNNVD-201510-571 // NVD: CVE-2015-6335

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6335
value: HIGH

Trust: 1.0

NVD: CVE-2015-6335
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-06866
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201510-571
value: CRITICAL

Trust: 0.6

VULHUB: VHN-84296
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-6335
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-06866
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-84296
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-06866 // VULHUB: VHN-84296 // JVNDB: JVNDB-2015-005603 // CNNVD: CNNVD-201510-571 // NVD: CVE-2015-6335

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-84296 // JVNDB: JVNDB-2015-005603 // NVD: CVE-2015-6335

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-571

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201510-571

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005603

PATCH
title:cisco-sa-20151016-fmcurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-fmc
Trust: 0.8
title:Cisco FireSIGHT Management Center arbitrary command execution vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/65892
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-06866 // 
            
            
            
            JVNDB: JVNDB-2015-005603

EXTERNAL IDS
db:NVDid:CVE-2015-6335
Trust: 3.4
db:SECTRACKid:1033873
Trust: 1.1
db:JVNDBid:JVNDB-2015-005603
Trust: 0.8
db:CNNVDid:CNNVD-201510-571
Trust: 0.7
db:CNVDid:CNVD-2015-06866
Trust: 0.6
db:BIDid:77124
Trust: 0.4
db:VULHUBid:VHN-84296
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-06866 // 
            
            
            
            VULHUB: VHN-84296 // 
            
            
            
            BID: 77124 // 
            
            
            
            JVNDB: JVNDB-2015-005603 // 
            
            
            
            CNNVD: CNNVD-201510-571 // 
            
            
            
            NVD: CVE-2015-6335

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151016-fmc
Trust: 2.6
url:http://www.securitytracker.com/id/1033873
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6335
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6335
Trust: 0.8
url:http://www.cisco.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-06866 // 
            
            
            
            VULHUB: VHN-84296 // 
            
            
            
            BID: 77124 // 
            
            
            
            JVNDB: JVNDB-2015-005603 // 
            
            
            
            CNNVD: CNNVD-201510-571 // 
            
            
            
            NVD: CVE-2015-6335

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 77124

SOURCES
db:CNVDid:CNVD-2015-06866
db:VULHUBid:VHN-84296
db:BIDid:77124
db:JVNDBid:JVNDB-2015-005603
db:CNNVDid:CNNVD-201510-571
db:NVDid:CVE-2015-6335

LAST UPDATE DATE
2024-11-23T23:09:13.907000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-06866date:2015-10-28T00:00:00
db:VULHUBid:VHN-84296date:2017-01-05T00:00:00
db:BIDid:77124date:2015-10-19T00:00:00
db:JVNDBid:JVNDB-2015-005603date:2015-10-28T00:00:00
db:CNNVDid:CNNVD-201510-571date:2015-10-30T00:00:00
db:NVDid:CVE-2015-6335date:2024-11-21T02:34:48.677

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-06866date:2015-10-28T00:00:00
db:VULHUBid:VHN-84296date:2015-10-25T00:00:00
db:BIDid:77124date:2015-10-19T00:00:00
db:JVNDBid:JVNDB-2015-005603date:2015-10-28T00:00:00
db:CNNVDid:CNNVD-201510-571date:2015-10-26T00:00:00
db:NVDid:CVE-2015-6335date:2015-10-25T02:59:10.467