Details of VAR-201511-0223

ID

VAR-201511-0223

CVE

CVE-2015-6371

TITLE

Cisco Firepower 9000 Run on device Firepower Extensible Operating System Vulnerable to reading arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2015-005972

DESCRIPTION

Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to read arbitrary files via crafted parameters to unspecified scripts, aka Bug ID CSCux10621. The Cisco Firepower 9000 is a set of operating systems running on the 9000 Series firewall appliances from Cisco. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCux10621

Trust: 2.52

sources: NVD: CVE-2015-6371 // JVNDB: JVNDB-2015-005972 // CNVD: CNVD-2015-07744 // BID: 77635 // VULHUB: VHN-84332

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-07744

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower extensible operating system	scope:	eq	version:	1.1\(1.160\)	Trust: 1.6
vendor:	cisco	model:	firepower extensible operating system	scope:	eq	version:	1.1(1.160)	Trust: 0.8
vendor:	cisco	model:	firepower extensible operating system on firepower devices	scope:	eq	version:	1.1(1.160)9000	Trust: 0.6
vendor:	cisco	model:	firepower series	scope:	eq	version:	90001.1(1.160)	Trust: 0.3

sources: CNVD: CNVD-2015-07744 // BID: 77635 // JVNDB: JVNDB-2015-005972 // CNNVD: CNNVD-201511-311 // NVD: CVE-2015-6371

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6371
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6371
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-07744
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201511-311
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-84332
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6371
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-07744
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-84332
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-07744 // VULHUB: VHN-84332 // JVNDB: JVNDB-2015-005972 // CNNVD: CNNVD-201511-311 // NVD: CVE-2015-6371

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-84332 // JVNDB: JVNDB-2015-005972 // NVD: CVE-2015-6371

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-311

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201511-311

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005972

PATCH

title:

cisco-sa-20151117-firepower1

url:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower1

Trust: 0.8

sources: JVNDB: JVNDB-2015-005972

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6371	Trust: 3.4
db:	BID	id:	77635	Trust: 1.6
db:	JVNDB	id:	JVNDB-2015-005972	Trust: 0.8
db:	CNNVD	id:	CNNVD-201511-311	Trust: 0.7
db:	CNVD	id:	CNVD-2015-07744	Trust: 0.6
db:	SEEBUG	id:	SSVID-89893	Trust: 0.1
db:	VULHUB	id:	VHN-84332	Trust: 0.1

sources: CNVD: CNVD-2015-07744 // VULHUB: VHN-84332 // BID: 77635 // JVNDB: JVNDB-2015-005972 // CNNVD: CNNVD-201511-311 // NVD: CVE-2015-6371

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151117-firepower1	Trust: 2.6
url:	http://www.securityfocus.com/bid/77635	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6371	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6371	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3

sources: CNVD: CNVD-2015-07744 // VULHUB: VHN-84332 // BID: 77635 // JVNDB: JVNDB-2015-005972 // CNNVD: CNNVD-201511-311 // NVD: CVE-2015-6371

CREDITS

Cisco

Trust: 0.9

sources: BID: 77635 // CNNVD: CNNVD-201511-311

SOURCES

db:	CNVD	id:	CNVD-2015-07744
db:	VULHUB	id:	VHN-84332
db:	BID	id:	77635
db:	JVNDB	id:	JVNDB-2015-005972
db:	CNNVD	id:	CNNVD-201511-311
db:	NVD	id:	CVE-2015-6371

LAST UPDATE DATE

2024-11-23T22:45:55.491000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-07744	date:	2015-11-24T00:00:00
db:	VULHUB	id:	VHN-84332	date:	2015-11-19T00:00:00
db:	BID	id:	77635	date:	2015-11-17T00:00:00
db:	JVNDB	id:	JVNDB-2015-005972	date:	2015-11-20T00:00:00
db:	CNNVD	id:	CNNVD-201511-311	date:	2015-11-19T00:00:00
db:	NVD	id:	CVE-2015-6371	date:	2024-11-21T02:34:52.507

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-07744	date:	2015-11-24T00:00:00
db:	VULHUB	id:	VHN-84332	date:	2015-11-19T00:00:00
db:	BID	id:	77635	date:	2015-11-17T00:00:00
db:	JVNDB	id:	JVNDB-2015-005972	date:	2015-11-20T00:00:00
db:	CNNVD	id:	CNNVD-201511-311	date:	2015-11-19T00:00:00
db:	NVD	id:	CVE-2015-6371	date:	2015-11-19T02:59:05.097