Sign-up

ID

VAR-201511-0228


CVE

CVE-2015-6376


TITLE

Cisco TelePresence Video Communication Server Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2015-005990

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv72412. Vendors have confirmed this vulnerability Bug ID CSCuv72412 It is released as.A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuv72412

Trust: 1.98

sources: NVD: CVE-2015-6376 // JVNDB: JVNDB-2015-005990 // BID: 77678 // VULHUB: VHN-84337

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence video communication server softwarescope:eqversion:x8.5.1

Trust: 2.4

vendor:ciscomodel:telepresence video communication serverscope:eqversion:8.5.1

Trust: 0.3

sources: BID: 77678 // JVNDB: JVNDB-2015-005990 // CNNVD: CNNVD-201511-381 // NVD: CVE-2015-6376

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6376
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6376
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201511-381
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84337
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6376
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84337
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84337 // JVNDB: JVNDB-2015-005990 // CNNVD: CNNVD-201511-381 // NVD: CVE-2015-6376

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-84337 // JVNDB: JVNDB-2015-005990 // NVD: CVE-2015-6376

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-381

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201511-381

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005990

PATCH
title:cisco-sa-20151120-tvcsurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151120-tvcs
Trust: 0.8
title:Cisco TelePresence Video Communication Server Fixes for cross-site request forgery vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58833
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-005990 // 
            
            
            
            CNNVD: CNNVD-201511-381

EXTERNAL IDS
db:NVDid:CVE-2015-6376
Trust: 2.8
db:JVNDBid:JVNDB-2015-005990
Trust: 0.8
db:CNNVDid:CNNVD-201511-381
Trust: 0.7
db:BIDid:77678
Trust: 0.4
db:SEEBUGid:SSVID-89956
Trust: 0.1
db:VULHUBid:VHN-84337
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84337 // 
            
            
            
            BID: 77678 // 
            
            
            
            JVNDB: JVNDB-2015-005990 // 
            
            
            
            CNNVD: CNNVD-201511-381 // 
            
            
            
            NVD: CVE-2015-6376

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151120-tvcs
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6376
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6376
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-84337 // 
            
            
            
            BID: 77678 // 
            
            
            
            JVNDB: JVNDB-2015-005990 // 
            
            
            
            CNNVD: CNNVD-201511-381 // 
            
            
            
            NVD: CVE-2015-6376

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 77678

SOURCES
db:VULHUBid:VHN-84337
db:BIDid:77678
db:JVNDBid:JVNDB-2015-005990
db:CNNVDid:CNNVD-201511-381
db:NVDid:CVE-2015-6376

LAST UPDATE DATE
2024-11-23T22:59:30.871000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84337date:2015-11-23T00:00:00
db:BIDid:77678date:2015-11-20T00:00:00
db:JVNDBid:JVNDB-2015-005990date:2015-11-24T00:00:00
db:CNNVDid:CNNVD-201511-381date:2015-11-23T00:00:00
db:NVDid:CVE-2015-6376date:2024-11-21T02:34:53.100

SOURCES RELEASE DATE
db:VULHUBid:VHN-84337date:2015-11-21T00:00:00
db:BIDid:77678date:2015-11-20T00:00:00
db:JVNDBid:JVNDB-2015-005990date:2015-11-24T00:00:00
db:CNNVDid:CNNVD-201511-381date:2015-11-23T00:00:00
db:NVDid:CVE-2015-6376date:2015-11-21T11:59:14.977