Details of VAR-201511-0005

ID

VAR-201511-0005

CVE

CVE-2015-6330

TITLE

Cisco Prime Collaboration Assurance Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2015-005953

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1) and 10.6 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus62712. Vendors have confirmed this vulnerability Bug ID CSCus62712 It is released as.A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCus62712. This solution supports simplified unified communication and video collaboration network management through a unified management console, and rapid deployment of communication sites

Trust: 2.07

sources: NVD: CVE-2015-6330 // JVNDB: JVNDB-2015-005953 // BID: 77599 // VULHUB: VHN-84291 // VULMON: CVE-2015-6330

AFFECTED PRODUCTS

vendor:	cisco	model:	prime collaboration assurance	scope:	eq	version:	10.5.1	Trust: 1.6
vendor:	cisco	model:	prime collaboration assurance	scope:	eq	version:	10.6.0	Trust: 1.6
vendor:	cisco	model:	prime collaboration assurance	scope:	eq	version:	10.6	Trust: 1.1
vendor:	cisco	model:	prime collaboration assurance	scope:	eq	version:	10.5(1)	Trust: 1.1

sources: BID: 77599 // JVNDB: JVNDB-2015-005953 // CNNVD: CNNVD-201511-287 // NVD: CVE-2015-6330

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6330
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6330
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201511-287
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-84291
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-6330
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6330
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-84291
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-84291 // VULMON: CVE-2015-6330 // JVNDB: JVNDB-2015-005953 // CNNVD: CNNVD-201511-287 // NVD: CVE-2015-6330

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-84291 // JVNDB: JVNDB-2015-005953 // NVD: CVE-2015-6330

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-287

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201511-287

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005953

PATCH

title:	cisco-sa-20151008-pca1	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca1	Trust: 0.8
title:	Cisco Prime Collaboration Assurance Fixes for cross-site request forgery vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58771	Trust: 0.6
title:	Cisco: Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20151008-pca1	Trust: 0.1

sources: VULMON: CVE-2015-6330 // JVNDB: JVNDB-2015-005953 // CNNVD: CNNVD-201511-287

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6330	Trust: 2.9
db:	JVNDB	id:	JVNDB-2015-005953	Trust: 0.8
db:	CNNVD	id:	CNNVD-201511-287	Trust: 0.6
db:	BID	id:	77599	Trust: 0.5
db:	VULHUB	id:	VHN-84291	Trust: 0.1
db:	VULMON	id:	CVE-2015-6330	Trust: 0.1

sources: VULHUB: VHN-84291 // VULMON: CVE-2015-6330 // BID: 77599 // JVNDB: JVNDB-2015-005953 // CNNVD: CNNVD-201511-287 // NVD: CVE-2015-6330

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151008-pca1	Trust: 2.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6330	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6330	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/352.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/77599	Trust: 0.1

sources: VULHUB: VHN-84291 // VULMON: CVE-2015-6330 // BID: 77599 // JVNDB: JVNDB-2015-005953 // CNNVD: CNNVD-201511-287 // NVD: CVE-2015-6330

CREDITS

Cisco

Trust: 0.3

sources: BID: 77599

SOURCES

db:	VULHUB	id:	VHN-84291
db:	VULMON	id:	CVE-2015-6330
db:	BID	id:	77599
db:	JVNDB	id:	JVNDB-2015-005953
db:	CNNVD	id:	CNNVD-201511-287
db:	NVD	id:	CVE-2015-6330

LAST UPDATE DATE

2024-11-23T23:02:39.445000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84291	date:	2015-11-18T00:00:00
db:	VULMON	id:	CVE-2015-6330	date:	2015-11-18T00:00:00
db:	BID	id:	77599	date:	2015-11-16T00:00:00
db:	JVNDB	id:	JVNDB-2015-005953	date:	2015-11-19T00:00:00
db:	CNNVD	id:	CNNVD-201511-287	date:	2015-11-19T00:00:00
db:	NVD	id:	CVE-2015-6330	date:	2024-11-21T02:34:48.113

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84291	date:	2015-11-18T00:00:00
db:	VULMON	id:	CVE-2015-6330	date:	2015-11-18T00:00:00
db:	BID	id:	77599	date:	2015-11-16T00:00:00
db:	JVNDB	id:	JVNDB-2015-005953	date:	2015-11-19T00:00:00
db:	CNNVD	id:	CNNVD-201511-287	date:	2015-11-19T00:00:00
db:	NVD	id:	CVE-2015-6330	date:	2015-11-18T11:59:00.120