Sign-up

ID

VAR-201510-0029


CVE

CVE-2015-6352


TITLE

Cisco Unified Communications Domain Manager Vulnerabilities mapped in the file system

Trust: 0.8

sources: JVNDB: JVNDB-2015-005689

DESCRIPTION

Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCut67891. Vendors have confirmed this vulnerability Bug ID CSCut67891 It is released as.A third party may be able to map the file system through a series of requests. Cisco Unified Communications Domain Manager is prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCut67891. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. A security vulnerability exists in Cisco UCDM versions prior to 10.6(1) due to the different methods used by the program to handle paths that exist and do not exist

Trust: 1.98

sources: NVD: CVE-2015-6352 // JVNDB: JVNDB-2015-005689 // BID: 77341 // VULHUB: VHN-84313

AFFECTED PRODUCTS

vendor:ciscomodel:hosted collaboration solutionscope:eqversion:10.6_base

Trust: 1.6

vendor:ciscomodel:unified communications domain managerscope:eqversion:10.6_base

Trust: 1.6

vendor:ciscomodel:unified communications domain managerscope:ltversion:10.6(1)

Trust: 0.8

sources: JVNDB: JVNDB-2015-005689 // CNNVD: CNNVD-201510-786 // NVD: CVE-2015-6352

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6352
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6352
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201510-786
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84313
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6352
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84313
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84313 // JVNDB: JVNDB-2015-005689 // CNNVD: CNNVD-201510-786 // NVD: CVE-2015-6352

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-84313 // JVNDB: JVNDB-2015-005689 // NVD: CVE-2015-6352

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-786

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201510-786

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005689

PATCH
title:cisco-sa-20151027-ucdurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151027-ucd
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-005689

EXTERNAL IDS
db:NVDid:CVE-2015-6352
Trust: 2.8
db:BIDid:77341
Trust: 1.4
db:SECTRACKid:1034022
Trust: 1.1
db:JVNDBid:JVNDB-2015-005689
Trust: 0.8
db:CNNVDid:CNNVD-201510-786
Trust: 0.7
db:VULHUBid:VHN-84313
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84313 // 
            
            
            
            BID: 77341 // 
            
            
            
            JVNDB: JVNDB-2015-005689 // 
            
            
            
            CNNVD: CNNVD-201510-786 // 
            
            
            
            NVD: CVE-2015-6352

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151027-ucd
Trust: 2.0
url:http://www.securityfocus.com/bid/77341
Trust: 1.1
url:http://www.securitytracker.com/id/1034022
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6352
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6352
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-84313 // 
            
            
            
            BID: 77341 // 
            
            
            
            JVNDB: JVNDB-2015-005689 // 
            
            
            
            CNNVD: CNNVD-201510-786 // 
            
            
            
            NVD: CVE-2015-6352

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 77341

SOURCES
db:VULHUBid:VHN-84313
db:BIDid:77341
db:JVNDBid:JVNDB-2015-005689
db:CNNVDid:CNNVD-201510-786
db:NVDid:CVE-2015-6352

LAST UPDATE DATE
2024-11-23T22:18:22.414000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84313date:2016-12-07T00:00:00
db:BIDid:77341date:2015-12-07T22:16:00
db:JVNDBid:JVNDB-2015-005689date:2015-11-02T00:00:00
db:CNNVDid:CNNVD-201510-786date:2015-11-02T00:00:00
db:NVDid:CVE-2015-6352date:2024-11-21T02:34:50.267

SOURCES RELEASE DATE
db:VULHUBid:VHN-84313date:2015-10-30T00:00:00
db:BIDid:77341date:2015-10-28T00:00:00
db:JVNDBid:JVNDB-2015-005689date:2015-11-02T00:00:00
db:CNNVDid:CNNVD-201510-786date:2015-10-30T00:00:00
db:NVDid:CVE-2015-6352date:2015-10-30T10:59:10.967