Details of VAR-201511-0219

ID

VAR-201511-0219

CVE

CVE-2015-6368

TITLE

Cisco Firepower 9000 Run on device Firepower Extensible Operating System Vulnerable to reading files

Trust: 0.8

sources: JVNDB: JVNDB-2015-005969

DESCRIPTION

Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to read files via a crafted HTTP request, aka Bug ID CSCux10608. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. This issue being tracked by Cisco Bug ID CSCux10608

Trust: 2.52

sources: NVD: CVE-2015-6368 // JVNDB: JVNDB-2015-005969 // CNVD: CNVD-2015-07760 // BID: 77614 // VULHUB: VHN-84329

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-07760

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower extensible operating system	scope:	eq	version:	1.1\(1.160\)	Trust: 1.6
vendor:	cisco	model:	firepower extensible operating system	scope:	eq	version:	1.1(1.160)	Trust: 0.8
vendor:	cisco	model:	firepower extensible operating system on firepower devices	scope:	eq	version:	1.1(1.160)9000	Trust: 0.6
vendor:	cisco	model:	firepower series	scope:	eq	version:	90001.1(1.160)	Trust: 0.3

sources: CNVD: CNVD-2015-07760 // BID: 77614 // JVNDB: JVNDB-2015-005969 // CNNVD: CNNVD-201511-317 // NVD: CVE-2015-6368

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6368
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6368
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-07760
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201511-317
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-84329
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6368
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-07760
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-84329
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-07760 // VULHUB: VHN-84329 // JVNDB: JVNDB-2015-005969 // CNNVD: CNNVD-201511-317 // NVD: CVE-2015-6368

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-84329 // JVNDB: JVNDB-2015-005969 // NVD: CVE-2015-6368

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-317

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201511-317

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005969

PATCH

title:	cisco-sa-20151116-firepower	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-firepower	Trust: 0.8
title:	Patch for Cisco Firepower 9000 Firepower Extensible Operating System File Read Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/67087	Trust: 0.6

sources: CNVD: CNVD-2015-07760 // JVNDB: JVNDB-2015-005969

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6368	Trust: 3.4
db:	BID	id:	77614	Trust: 1.0
db:	JVNDB	id:	JVNDB-2015-005969	Trust: 0.8
db:	CNNVD	id:	CNNVD-201511-317	Trust: 0.7
db:	CNVD	id:	CNVD-2015-07760	Trust: 0.6
db:	SEEBUG	id:	SSVID-89911	Trust: 0.1
db:	VULHUB	id:	VHN-84329	Trust: 0.1

sources: CNVD: CNVD-2015-07760 // VULHUB: VHN-84329 // BID: 77614 // JVNDB: JVNDB-2015-005969 // CNNVD: CNNVD-201511-317 // NVD: CVE-2015-6368

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151116-firepower	Trust: 2.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6368	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6368	Trust: 0.8
url:	http://www.securityfocus.com/bid/77614	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-07760 // VULHUB: VHN-84329 // BID: 77614 // JVNDB: JVNDB-2015-005969 // CNNVD: CNNVD-201511-317 // NVD: CVE-2015-6368

CREDITS

Cisco

Trust: 0.9

sources: BID: 77614 // CNNVD: CNNVD-201511-317

SOURCES

db:	CNVD	id:	CNVD-2015-07760
db:	VULHUB	id:	VHN-84329
db:	BID	id:	77614
db:	JVNDB	id:	JVNDB-2015-005969
db:	CNNVD	id:	CNNVD-201511-317
db:	NVD	id:	CVE-2015-6368

LAST UPDATE DATE

2024-11-23T22:42:26.779000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-07760	date:	2015-11-24T00:00:00
db:	VULHUB	id:	VHN-84329	date:	2015-11-19T00:00:00
db:	BID	id:	77614	date:	2015-11-16T00:00:00
db:	JVNDB	id:	JVNDB-2015-005969	date:	2015-11-20T00:00:00
db:	CNNVD	id:	CNNVD-201511-317	date:	2015-11-19T00:00:00
db:	NVD	id:	CVE-2015-6368	date:	2024-11-21T02:34:52.177

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-07760	date:	2015-11-24T00:00:00
db:	VULHUB	id:	VHN-84329	date:	2015-11-19T00:00:00
db:	BID	id:	77614	date:	2015-11-16T00:00:00
db:	JVNDB	id:	JVNDB-2015-005969	date:	2015-11-20T00:00:00
db:	CNNVD	id:	CNNVD-201511-317	date:	2015-11-19T00:00:00
db:	NVD	id:	CVE-2015-6368	date:	2015-11-19T02:59:00.107