ID

VAR-201511-0225


CVE

CVE-2015-6373


TITLE

Cross-site request forgery vulnerability in Firepower Extensible Operating System running on Cisco Firepower 9000 devices

Trust: 0.8

sources: JVNDB: JVNDB-2015-005974

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux10611. The vendor has confirmed this vulnerability and released it as Bug ID CSCux10611. A third party may be able to hijack the authentication of any user. Firepower Extensible Operating System is the operating system running on Cisco's Firepower 9000 Series firewall appliances. A remote attacker can exploit this vulnerability to perform unauthorized operations or to access affected applications. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCux10611.

Trust: 2.52

sources: NVD: CVE-2015-6373 // JVNDB: JVNDB-2015-005974 // CNVD: CNVD-2015-07740 // BID: 77628 // VULHUB: VHN-84334

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-07740

AFFECTED PRODUCTS

vendor: cisco, model: firepower extensible operating system, scope: eq, version: 1.1\(1.160\)

Trust: 1.6

vendor: cisco, model: firepower extensible operating system, scope: eq, version: 1.1(1.160)

Trust: 0.8

vendor: cisco, model: firepower extensible operating system on firepower devices, scope: eq, version: 1.1(1.160)9000

Trust: 0.6

vendor: cisco, model: firepower series, scope: eq, version: 90001.1(1.160)

Trust: 0.3

sources: CNVD: CNVD-2015-07740 // BID: 77628 // JVNDB: JVNDB-2015-005974 // CNNVD: CNNVD-201511-292 // NVD: CVE-2015-6373

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6373
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6373
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-07740
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201511-292
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84334
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6373
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-07740
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-84334
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-07740 // VULHUB: VHN-84334 // JVNDB: JVNDB-2015-005974 // CNNVD: CNNVD-201511-292 // NVD: CVE-2015-6373

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.9

sources: VULHUB: VHN-84334 // JVNDB: JVNDB-2015-005974 // NVD: CVE-2015-6373

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-292

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201511-292

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005974

PATCH

title: cisco-sa-20151117-firepower3, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower3

Trust: 0.8

title: Patch for Cisco Firepower 9000 Cross-Site Request Forgery Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/67024

Trust: 0.6

title: Cisco Firepower 9000 Firepower Extensible Operating System Fixes for cross-site request forgery vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58776

Trust: 0.6

sources: CNVD: CNVD-2015-07740 // JVNDB: JVNDB-2015-005974 // CNNVD: CNNVD-201511-292

EXTERNAL IDS

db: NVD, id: CVE-2015-6373

Trust: 3.4

db: BID, id: 77628

Trust: 1.0

db: JVNDB, id: JVNDB-2015-005974

Trust: 0.8

db: CNNVD, id: CNNVD-201511-292

Trust: 0.7

db: CNVD, id: CNVD-2015-07740

Trust: 0.6

db: VULHUB, id: VHN-84334

Trust: 0.1

sources: CNVD: CNVD-2015-07740 // VULHUB: VHN-84334 // BID: 77628 // JVNDB: JVNDB-2015-005974 // CNNVD: CNNVD-201511-292 // NVD: CVE-2015-6373

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151117-firepower3

Trust: 2.6

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6373

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6373

Trust: 0.8

url: http://www.securityfocus.com/bid/77628

Trust: 0.6

url: http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2015-07740 // VULHUB: VHN-84334 // BID: 77628 // JVNDB: JVNDB-2015-005974 // CNNVD: CNNVD-201511-292 // NVD: CVE-2015-6373

CREDITS

Cisco

Trust: 0.3

sources: BID: 77628

SOURCES

db: CNVD, id: CNVD-2015-07740
db: VULHUB, id: VHN-84334
db: BID, id: 77628
db: JVNDB, id: JVNDB-2015-005974
db: CNNVD, id: CNNVD-201511-292
db: NVD, id: CVE-2015-6373

LAST UPDATE DATE

2024-11-23T22:38:46.534000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-07740, date: 2015-11-24T00:00:00
db: VULHUB, id: VHN-84334, date: 2015-11-19T00:00:00
db: BID, id: 77628, date: 2015-11-17T00:00:00
db: JVNDB, id: JVNDB-2015-005974, date: 2015-11-20T00:00:00
db: CNNVD, id: CNNVD-201511-292, date: 2015-11-19T00:00:00
db: NVD, id: CVE-2015-6373, date: 2024-11-21T02:34:52.730

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2015-07740, date: 2015-11-24T00:00:00
db: VULHUB, id: VHN-84334, date: 2015-11-18T00:00:00
db: BID, id: 77628, date: 2015-11-17T00:00:00
db: JVNDB, id: JVNDB-2015-005974, date: 2015-11-20T00:00:00
db: CNNVD, id: CNNVD-201511-292, date: 2015-11-19T00:00:00
db: NVD, id: CVE-2015-6373, date: 2015-11-18T15:59:03.290