Details of VAR-201512-0381

ID

VAR-201512-0381

CVE

CVE-2015-6405

TITLE

Cisco Emergency Responder Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2015-006384

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501. Vendors have confirmed this vulnerability Bug ID CSCuv26501 It is released as.A third party may be able to hijack the authentication of any user. The Cisco Emergency Responder real-time location address tracking database and enhanced routing capabilities allow emergency calls to be directly transferred to the appropriate Public Safety Answering Point (PASP) based on the caller's location. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuv26501. Cisco Emergency Responder (ER) is an emergency call software in an IP communication system of Cisco (Cisco). The software provides features such as real-time location tracking database and caller's location

Trust: 2.52

sources: NVD: CVE-2015-6405 // JVNDB: JVNDB-2015-006384 // CNVD: CNVD-2015-08366 // BID: 78812 // VULHUB: VHN-84366

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-08366

AFFECTED PRODUCTS

vendor:	cisco	model:	emergency responder	scope:	eq	version:	10.5\(1a\)	Trust: 1.6
vendor:	cisco	model:	emergency responder software	scope:	eq	version:	10.5(1)	Trust: 0.8
vendor:	cisco	model:	emergency responder software	scope:	eq	version:	10.5(1a)	Trust: 0.8
vendor:	cisco	model:	emergency responder 10.5	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	emergency responder	scope:	eq	version:	10.5(1)	Trust: 0.6

sources: CNVD: CNVD-2015-08366 // JVNDB: JVNDB-2015-006384 // CNNVD: CNNVD-201512-290 // NVD: CVE-2015-6405

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6405
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6405
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-08366
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201512-290
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-84366
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6405
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-08366
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-84366
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-08366 // VULHUB: VHN-84366 // JVNDB: JVNDB-2015-006384 // CNNVD: CNNVD-201512-290 // NVD: CVE-2015-6405

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-84366 // JVNDB: JVNDB-2015-006384 // NVD: CVE-2015-6405

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-290

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201512-290

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006384

PATCH

title:

cisco-sa-20151209-cers

url:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-cers

Trust: 0.8

sources: JVNDB: JVNDB-2015-006384

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6405	Trust: 3.4
db:	BID	id:	78812	Trust: 2.0
db:	SECTRACK	id:	1034385	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-006384	Trust: 0.8
db:	CNVD	id:	CNVD-2015-08366	Trust: 0.6
db:	CNNVD	id:	CNNVD-201512-290	Trust: 0.6
db:	VULHUB	id:	VHN-84366	Trust: 0.1

sources: CNVD: CNVD-2015-08366 // VULHUB: VHN-84366 // BID: 78812 // JVNDB: JVNDB-2015-006384 // CNNVD: CNNVD-201512-290 // NVD: CVE-2015-6405

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-cers	Trust: 2.3
url:	http://www.securityfocus.com/bid/78812	Trust: 1.7
url:	http://www.securitytracker.com/id/1034385	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6405	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6405	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-08366 // VULHUB: VHN-84366 // BID: 78812 // JVNDB: JVNDB-2015-006384 // CNNVD: CNNVD-201512-290 // NVD: CVE-2015-6405

CREDITS

Cisco

Trust: 0.9

sources: BID: 78812 // CNNVD: CNNVD-201512-290

SOURCES

db:	CNVD	id:	CNVD-2015-08366
db:	VULHUB	id:	VHN-84366
db:	BID	id:	78812
db:	JVNDB	id:	JVNDB-2015-006384
db:	CNNVD	id:	CNNVD-201512-290
db:	NVD	id:	CVE-2015-6405

LAST UPDATE DATE

2024-11-23T22:59:30.655000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-08366	date:	2015-12-22T00:00:00
db:	VULHUB	id:	VHN-84366	date:	2016-12-07T00:00:00
db:	BID	id:	78812	date:	2015-12-10T00:00:00
db:	JVNDB	id:	JVNDB-2015-006384	date:	2015-12-16T00:00:00
db:	CNNVD	id:	CNNVD-201512-290	date:	2015-12-14T00:00:00
db:	NVD	id:	CVE-2015-6405	date:	2024-11-21T02:34:56.310

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-08366	date:	2015-12-22T00:00:00
db:	VULHUB	id:	VHN-84366	date:	2015-12-13T00:00:00
db:	BID	id:	78812	date:	2015-12-10T00:00:00
db:	JVNDB	id:	JVNDB-2015-006384	date:	2015-12-16T00:00:00
db:	CNNVD	id:	CNNVD-201512-290	date:	2015-12-11T00:00:00
db:	NVD	id:	CVE-2015-6405	date:	2015-12-13T03:59:04.050