ID

VAR-201510-0022


CVE

CVE-2015-6345


TITLE

SQL injection vulnerability in the Solution Engine of Cisco Secure Access Control Server

Trust: 0.8

sources: JVNDB: JVNDB-2015-005682

DESCRIPTION

SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is being tracked by Cisco Bug ID CSCuw24700. Solution Engine is one of the server engine solutions

Trust: 1.98

sources: NVD: CVE-2015-6345 // JVNDB: JVNDB-2015-005682 // BID: 77398 // VULHUB: VHN-84306

AFFECTED PRODUCTS

vendor: cisco, model: secure access control server, scope: eq, version: 5.7.0.15

Trust: 1.6

vendor: cisco, model: secure access control server solution engine, scope: eq, version: 5.7(0.15)

Trust: 0.8

sources: JVNDB: JVNDB-2015-005682 // CNNVD: CNNVD-201510-779 // NVD: CVE-2015-6345

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6345
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6345
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201510-779
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84306
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6345
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84306
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84306 // JVNDB: JVNDB-2015-005682 // CNNVD: CNNVD-201510-779 // NVD: CVE-2015-6345

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.9

sources: VULHUB: VHN-84306 // JVNDB: JVNDB-2015-005682 // NVD: CVE-2015-6345

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-779

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201510-779

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005682

PATCH

title: cisco-sa-20151023-acs, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs

Trust: 0.8

title: Repair measures for the Cisco Secure Access Control Server Solution Engine SQL injection vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58511

Trust: 0.6

sources: JVNDB: JVNDB-2015-005682 // CNNVD: CNNVD-201510-779

EXTERNAL IDS

db: NVD, id: CVE-2015-6345

Trust: 2.8

db: SECTRACK, id: 1033967

Trust: 1.1

db: JVNDB, id: JVNDB-2015-005682

Trust: 0.8

db: CNNVD, id: CNNVD-201510-779

Trust: 0.7

db: BID, id: 77398

Trust: 0.4

db: VULHUB, id: VHN-84306

Trust: 0.1

sources: VULHUB: VHN-84306 // BID: 77398 // JVNDB: JVNDB-2015-005682 // CNNVD: CNNVD-201510-779 // NVD: CVE-2015-6345

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151023-acs

Trust: 2.0

url: http://www.securitytracker.com/id/1033967

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6345

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6345

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-84306 // BID: 77398 // JVNDB: JVNDB-2015-005682 // CNNVD: CNNVD-201510-779 // NVD: CVE-2015-6345

CREDITS

Cisco

Trust: 0.3

sources: BID: 77398

SOURCES

db: VULHUB, id: VHN-84306
db: BID, id: 77398
db: JVNDB, id: JVNDB-2015-005682
db: CNNVD, id: CNNVD-201510-779
db: NVD, id: CVE-2015-6345

LAST UPDATE DATE

2024-11-23T22:27:04.849000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-84306, date: 2016-12-07T00:00:00
db: BID, id: 77398, date: 2016-07-05T22:23:00
db: JVNDB, id: JVNDB-2015-005682, date: 2015-11-02T00:00:00
db: CNNVD, id: CNNVD-201510-779, date: 2015-11-02T00:00:00
db: NVD, id: CVE-2015-6345, date: 2024-11-21T02:34:49.507

SOURCES RELEASE DATE

db: VULHUB, id: VHN-84306, date: 2015-10-30T00:00:00
db: BID, id: 77398, date: 2015-10-26T00:00:00
db: JVNDB, id: JVNDB-2015-005682, date: 2015-11-02T00:00:00
db: CNNVD, id: CNNVD-201510-779, date: 2015-10-30T00:00:00
db: NVD, id: CVE-2015-6345, date: 2015-10-30T10:59:02.430