Sign-up

ID

VAR-201512-0384


CVE

CVE-2015-6408


TITLE

Cisco Unity Connection Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2015-006392

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578. Cisco Unity Connection is a voice messaging platform that runs on the same Linux-based Cisco Unified Communications Operating System. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCux24578. The platform can use voice commands to make calls or listen to messages "hands-free"

Trust: 1.98

sources: NVD: CVE-2015-6408 // JVNDB: JVNDB-2015-006392 // BID: 78875 // VULHUB: VHN-84369

AFFECTED PRODUCTS

vendor:ciscomodel:unity connectionscope:eqversion:11.5\(0.98\)

Trust: 1.6

vendor:ciscomodel:unity connectionscope:eqversion:11.5(0.98)

Trust: 1.1

sources: BID: 78875 // JVNDB: JVNDB-2015-006392 // CNNVD: CNNVD-201512-395 // NVD: CVE-2015-6408

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6408
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6408
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201512-395
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84369
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6408
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84369
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84369 // JVNDB: JVNDB-2015-006392 // CNNVD: CNNVD-201512-395 // NVD: CVE-2015-6408

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-84369 // JVNDB: JVNDB-2015-006392 // NVD: CVE-2015-6408

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-395

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201512-395

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006392

PATCH
title:cisco-sa-20151209-ucurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-uc
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-006392

EXTERNAL IDS
db:NVDid:CVE-2015-6408
Trust: 2.8
db:BIDid:78875
Trust: 1.4
db:SECTRACKid:1034379
Trust: 1.1
db:JVNDBid:JVNDB-2015-006392
Trust: 0.8
db:CNNVDid:CNNVD-201512-395
Trust: 0.7
db:VULHUBid:VHN-84369
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84369 // 
            
            
            
            BID: 78875 // 
            
            
            
            JVNDB: JVNDB-2015-006392 // 
            
            
            
            CNNVD: CNNVD-201512-395 // 
            
            
            
            NVD: CVE-2015-6408

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-uc
Trust: 2.0
url:http://www.securityfocus.com/bid/78875
Trust: 1.1
url:http://www.securitytracker.com/id/1034379
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6408
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6408
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-84369 // 
            
            
            
            BID: 78875 // 
            
            
            
            JVNDB: JVNDB-2015-006392 // 
            
            
            
            CNNVD: CNNVD-201512-395 // 
            
            
            
            NVD: CVE-2015-6408

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 78875

SOURCES
db:VULHUBid:VHN-84369
db:BIDid:78875
db:JVNDBid:JVNDB-2015-006392
db:CNNVDid:CNNVD-201512-395
db:NVDid:CVE-2015-6408

LAST UPDATE DATE
2024-11-23T23:05:37.501000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84369date:2016-12-07T00:00:00
db:BIDid:78875date:2015-12-09T00:00:00
db:JVNDBid:JVNDB-2015-006392date:2015-12-16T00:00:00
db:CNNVDid:CNNVD-201512-395date:2015-12-14T00:00:00
db:NVDid:CVE-2015-6408date:2024-11-21T02:34:56.617

SOURCES RELEASE DATE
db:VULHUBid:VHN-84369date:2015-12-12T00:00:00
db:BIDid:78875date:2015-12-09T00:00:00
db:JVNDBid:JVNDB-2015-006392date:2015-12-16T00:00:00
db:CNNVDid:CNNVD-201512-395date:2015-12-14T00:00:00
db:NVDid:CVE-2015-6408date:2015-12-12T16:59:00.147