Sign-up

ID

VAR-201511-0231


CVE

CVE-2015-6380


TITLE

Cisco Firepower 9000 Run on device Firepower Extensible Operating System In any OS Command execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-006011

DESCRIPTION

An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters, aka Bug ID CSCux10622. Failed exploit attempts will result in denial-of-service conditions. This issue being tracked by Cisco Bug ID CSCux10622. The script can be accessed via the web interface. The vulnerability is due to lack of input validation of the parameters passed to the user script. These commands are at the privilege level of the authenticated user. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-fire

Trust: 2.61

sources: NVD: CVE-2015-6380 // JVNDB: JVNDB-2015-006011 // CNVD: CNVD-2015-07806 // BID: 77686 // VULHUB: VHN-84341 // VULMON: CVE-2015-6380

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-07806

AFFECTED PRODUCTS

vendor:ciscomodel:firepower extensible operating systemscope:eqversion:1.1\(1.160\)

Trust: 1.6

vendor:ciscomodel:firepower extensible operating systemscope:eqversion:1.1(1.160)

Trust: 1.4

vendor:ciscomodel:firepower seriesscope:eqversion:90001.1(1.160)

Trust: 0.3

sources: CNVD: CNVD-2015-07806 // BID: 77686 // JVNDB: JVNDB-2015-006011 // CNNVD: CNNVD-201511-410 // NVD: CVE-2015-6380

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6380
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6380
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-07806
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201511-410
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84341
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-6380
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6380
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2015-07806
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-84341
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-07806 // VULHUB: VHN-84341 // VULMON: CVE-2015-6380 // JVNDB: JVNDB-2015-006011 // CNNVD: CNNVD-201511-410 // NVD: CVE-2015-6380

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-84341 // JVNDB: JVNDB-2015-006011 // NVD: CVE-2015-6380

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-410

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201511-410

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006011

PATCH
title:cisco-sa-20151123-fireurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-fire
Trust: 0.8
title:Cisco: Cisco Firepower 9000 Operating System Command Injection Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20151123-fire
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-6380 // 
            
            
            
            JVNDB: JVNDB-2015-006011

EXTERNAL IDS
db:NVDid:CVE-2015-6380
Trust: 3.5
db:JVNDBid:JVNDB-2015-006011
Trust: 0.8
db:CNNVDid:CNNVD-201511-410
Trust: 0.7
db:CNVDid:CNVD-2015-07806
Trust: 0.6
db:BIDid:77686
Trust: 0.4
db:SEEBUGid:SSVID-89946
Trust: 0.1
db:VULHUBid:VHN-84341
Trust: 0.1
db:VULMONid:CVE-2015-6380
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-07806 // 
            
            
            
            VULHUB: VHN-84341 // 
            
            
            
            VULMON: CVE-2015-6380 // 
            
            
            
            BID: 77686 // 
            
            
            
            JVNDB: JVNDB-2015-006011 // 
            
            
            
            CNNVD: CNNVD-201511-410 // 
            
            
            
            NVD: CVE-2015-6380

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151123-fire
Trust: 2.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6380
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6380
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/78.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-07806 // 
            
            
            
            VULHUB: VHN-84341 // 
            
            
            
            VULMON: CVE-2015-6380 // 
            
            
            
            BID: 77686 // 
            
            
            
            JVNDB: JVNDB-2015-006011 // 
            
            
            
            CNNVD: CNNVD-201511-410 // 
            
            
            
            NVD: CVE-2015-6380

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 77686

SOURCES
db:CNVDid:CNVD-2015-07806
db:VULHUBid:VHN-84341
db:VULMONid:CVE-2015-6380
db:BIDid:77686
db:JVNDBid:JVNDB-2015-006011
db:CNNVDid:CNNVD-201511-410
db:NVDid:CVE-2015-6380

LAST UPDATE DATE
2024-11-23T22:52:42.368000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-07806date:2015-11-27T00:00:00
db:VULHUBid:VHN-84341date:2015-11-24T00:00:00
db:VULMONid:CVE-2015-6380date:2015-11-24T00:00:00
db:BIDid:77686date:2015-11-23T00:00:00
db:JVNDBid:JVNDB-2015-006011date:2015-11-25T00:00:00
db:CNNVDid:CNNVD-201511-410date:2015-11-25T00:00:00
db:NVDid:CVE-2015-6380date:2024-11-21T02:34:53.590

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-07806date:2015-11-27T00:00:00
db:VULHUBid:VHN-84341date:2015-11-24T00:00:00
db:VULMONid:CVE-2015-6380date:2015-11-24T00:00:00
db:BIDid:77686date:2015-11-23T00:00:00
db:JVNDBid:JVNDB-2015-006011date:2015-11-25T00:00:00
db:CNNVDid:CNNVD-201511-410date:2015-11-25T00:00:00
db:NVDid:CVE-2015-6380date:2015-11-24T04:59:03.007