Details of VAR-201511-0346

ID

VAR-201511-0346

CVE

CVE-2015-4282

TITLE

Cisco Mobility Services Engine In root Privileged vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-005764

DESCRIPTION

Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504. Vendors have confirmed this vulnerability Bug ID CSCuv40504 It is released as.By being written to a file by a local user, root You may get permission. The Cisco Mobility Services Engine (MSE) is a suite of Wi-Fi-enabled platforms (mobile service engines) from Cisco. The platform collects, stores, and manages data from wireless clients, Cisco access points, and controllers. A security vulnerability exists in Cisco MSE 8.0.120.7 and earlier. Because the program assigns weak permissions to the binary. This issue is being tracked by Cisco Bug ID CSCuv40504

Trust: 2.52

sources: NVD: CVE-2015-4282 // JVNDB: JVNDB-2015-005764 // CNVD: CNVD-2015-07472 // BID: 77435 // VULHUB: VHN-82243

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-07472

AFFECTED PRODUCTS

vendor:	cisco	model:	mobility services engine	scope:	eq	version:	7.4.110.0	Trust: 1.6
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	7.5.102.101	Trust: 1.6
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	7.4.100.0	Trust: 1.6
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	8.0_base	Trust: 1.6
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	8.0\(110.0\)	Trust: 1.6
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	7.6.100.0	Trust: 1.6
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	7.4_base	Trust: 1.6
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	7.6.120.0	Trust: 1.6
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	7.4.121.0	Trust: 1.6
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	7.6.132.0	Trust: 1.6
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	7.0_base	Trust: 1.0
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	5.2_base	Trust: 1.0
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	6.0_base	Trust: 1.0
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	5.1_base	Trust: 1.0
vendor:	cisco	model:	mobility services engine	scope:	lte	version:	8.0.120.7	Trust: 0.8
vendor:	cisco	model:	mobility services engine	scope:	lte	version:	<=8.0.120.7	Trust: 0.6
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	8.0.120.7	Trust: 0.3
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	8.0.120.1	Trust: 0.3
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	8.0(110.0)	Trust: 0.3
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	7.0	Trust: 0.3
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	10.2.0	Trust: 0.3
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	10.0	Trust: 0.3

sources: CNVD: CNVD-2015-07472 // BID: 77435 // JVNDB: JVNDB-2015-005764 // CNNVD: CNNVD-201511-103 // NVD: CVE-2015-4282

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4282
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-4282
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-07472
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201511-103
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-82243
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-4282
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-07472
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-82243
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-07472 // VULHUB: VHN-82243 // JVNDB: JVNDB-2015-005764 // CNNVD: CNNVD-201511-103 // NVD: CVE-2015-4282

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-82243 // JVNDB: JVNDB-2015-005764 // NVD: CVE-2015-4282

THREAT TYPE

local

Trust: 0.9

sources: BID: 77435 // CNNVD: CNNVD-201511-103

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201511-103

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005764

PATCH

title:	cisco-sa-20151104-privmse	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-privmse	Trust: 0.8
title:	Patch for Cisco Mobility Services Engine Privilege Escalation Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/66502	Trust: 0.6
title:	Cisco Mobility Services Engine Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58599	Trust: 0.6

sources: CNVD: CNVD-2015-07472 // JVNDB: JVNDB-2015-005764 // CNNVD: CNNVD-201511-103

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4282	Trust: 3.4
db:	BID	id:	77435	Trust: 1.4
db:	SECTRACK	id:	1034066	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-005764	Trust: 0.8
db:	CNVD	id:	CNVD-2015-07472	Trust: 0.6
db:	CNNVD	id:	CNNVD-201511-103	Trust: 0.6
db:	SEEBUG	id:	SSVID-89767	Trust: 0.1
db:	VULHUB	id:	VHN-82243	Trust: 0.1

sources: CNVD: CNVD-2015-07472 // VULHUB: VHN-82243 // BID: 77435 // JVNDB: JVNDB-2015-005764 // CNNVD: CNNVD-201511-103 // NVD: CVE-2015-4282

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151104-privmse	Trust: 2.6
url:	http://www.securityfocus.com/bid/77435	Trust: 1.1
url:	http://www.securitytracker.com/id/1034066	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4282	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4282	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://blogs.securiteam.com/index.php/archives/2928	Trust: 0.3

sources: CNVD: CNVD-2015-07472 // VULHUB: VHN-82243 // BID: 77435 // JVNDB: JVNDB-2015-005764 // CNNVD: CNNVD-201511-103 // NVD: CVE-2015-4282

CREDITS

Jeremy Brown

Trust: 0.3

sources: BID: 77435

SOURCES

db:	CNVD	id:	CNVD-2015-07472
db:	VULHUB	id:	VHN-82243
db:	BID	id:	77435
db:	JVNDB	id:	JVNDB-2015-005764
db:	CNNVD	id:	CNNVD-201511-103
db:	NVD	id:	CVE-2015-4282

LAST UPDATE DATE

2024-11-23T21:54:47.443000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-07472	date:	2015-11-12T00:00:00
db:	VULHUB	id:	VHN-82243	date:	2017-01-06T00:00:00
db:	BID	id:	77435	date:	2017-01-12T04:10:00
db:	JVNDB	id:	JVNDB-2015-005764	date:	2015-11-09T00:00:00
db:	CNNVD	id:	CNNVD-201511-103	date:	2015-11-09T00:00:00
db:	NVD	id:	CVE-2015-4282	date:	2024-11-21T02:30:45.753

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-07472	date:	2015-11-12T00:00:00
db:	VULHUB	id:	VHN-82243	date:	2015-11-06T00:00:00
db:	BID	id:	77435	date:	2015-11-04T00:00:00
db:	JVNDB	id:	JVNDB-2015-005764	date:	2015-11-09T00:00:00
db:	CNNVD	id:	CNNVD-201511-103	date:	2015-11-09T00:00:00
db:	NVD	id:	CVE-2015-4282	date:	2015-11-06T11:59:00.120