Details of VAR-201510-0021

ID

VAR-201510-0021

CVE

CVE-2015-6344

TITLE

Cisco Adaptive Security Appliance CX Context-Aware Security of Web Base of GUI Vulnerable to access restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2015-005681

DESCRIPTION

The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID CSCuv74105. Attackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. This issue is being tracked by Cisco bug ID CSCuv74105

Trust: 2.52

sources: NVD: CVE-2015-6344 // JVNDB: JVNDB-2015-005681 // CNVD: CNVD-2015-07362 // BID: 77343 // VULHUB: VHN-84305

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-07362

AFFECTED PRODUCTS

vendor:	cisco	model:	asa cx context-aware security software	scope:	eq	version:	9.3.4.1.11	Trust: 1.6
vendor:	cisco	model:	asa cx context-aware security software	scope:	eq	version:	9.3(4.1.11)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance cx context-aware security	scope:	eq	version:	9.3	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance cx context-aware security	scope:	eq	version:	9.3(4.1.11)	Trust: 0.3

sources: CNVD: CNVD-2015-07362 // BID: 77343 // JVNDB: JVNDB-2015-005681 // CNNVD: CNNVD-201510-778 // NVD: CVE-2015-6344

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6344
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6344
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-07362
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201510-778
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-84305
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6344
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-07362
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-84305
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-07362 // VULHUB: VHN-84305 // JVNDB: JVNDB-2015-005681 // CNNVD: CNNVD-201510-778 // NVD: CVE-2015-6344

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-84305 // JVNDB: JVNDB-2015-005681 // NVD: CVE-2015-6344

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-778

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201510-778

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005681

PATCH

title:

cisco-sa-20151027-cas

url:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151027-cas

Trust: 0.8

sources: JVNDB: JVNDB-2015-005681

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6344	Trust: 3.4
db:	SECTRACK	id:	1034001	Trust: 1.1
db:	BID	id:	77343	Trust: 1.0
db:	JVNDB	id:	JVNDB-2015-005681	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-778	Trust: 0.7
db:	CNVD	id:	CNVD-2015-07362	Trust: 0.6
db:	VULHUB	id:	VHN-84305	Trust: 0.1

sources: CNVD: CNVD-2015-07362 // VULHUB: VHN-84305 // BID: 77343 // JVNDB: JVNDB-2015-005681 // CNNVD: CNNVD-201510-778 // NVD: CVE-2015-6344

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151027-cas	Trust: 2.6
url:	http://www.securitytracker.com/id/1034001	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6344	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6344	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-07362 // VULHUB: VHN-84305 // BID: 77343 // JVNDB: JVNDB-2015-005681 // CNNVD: CNNVD-201510-778 // NVD: CVE-2015-6344

CREDITS

Cisco

Trust: 0.3

sources: BID: 77343

SOURCES

db:	CNVD	id:	CNVD-2015-07362
db:	VULHUB	id:	VHN-84305
db:	BID	id:	77343
db:	JVNDB	id:	JVNDB-2015-005681
db:	CNNVD	id:	CNNVD-201510-778
db:	NVD	id:	CVE-2015-6344

LAST UPDATE DATE

2024-11-23T22:59:31.367000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-07362	date:	2015-11-10T00:00:00
db:	VULHUB	id:	VHN-84305	date:	2016-12-07T00:00:00
db:	BID	id:	77343	date:	2015-10-28T00:00:00
db:	JVNDB	id:	JVNDB-2015-005681	date:	2015-11-02T00:00:00
db:	CNNVD	id:	CNNVD-201510-778	date:	2015-11-02T00:00:00
db:	NVD	id:	CVE-2015-6344	date:	2024-11-21T02:34:49.400

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-07362	date:	2015-11-10T00:00:00
db:	VULHUB	id:	VHN-84305	date:	2015-10-30T00:00:00
db:	BID	id:	77343	date:	2015-10-28T00:00:00
db:	JVNDB	id:	JVNDB-2015-005681	date:	2015-11-02T00:00:00
db:	CNNVD	id:	CNNVD-201510-778	date:	2015-10-30T00:00:00
db:	NVD	id:	CVE-2015-6344	date:	2015-10-30T10:59:00.117