ID

VAR-201512-0386


CVE

CVE-2015-6410


TITLE

Vulnerability in the Mobile and Remote Access service implementation of Cisco Unified Communications Manager that allows bypass of call-reception and call-setup restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2015-006395

DESCRIPTION

The Mobile and Remote Access (MRA) services implementation in Cisco Unified Communications Manager mishandles edge-device identity validation, which allows remote attackers to bypass intended call-reception and call-setup restrictions by spoofing a user, aka Bug ID CSCuu97283. The vendor has confirmed this vulnerability and released it as Bug ID CSCuu97283. A third party who impersonates a user may be able to circumvent restrictions on receiving calls and settings. Cisco Unified Communications Manager is prone to a security-bypass vulnerability. Successful exploits may allow an attacker to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCuu97283. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. The vulnerability stems from the fact that the program does not properly handle edge-device authentication. Remote attackers can exploit this vulnerability by forging user identities to bypass established call-reception and call-setup restrictions.

Trust: 1.98

sources: NVD: CVE-2015-6410 // JVNDB: JVNDB-2015-006395 // BID: 78741 // VULHUB: VHN-84371

AFFECTED PRODUCTS

vendor: cisco, model: telepresence video communication server software, scope: eq, version: x8.5

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2015-006395 // CNNVD: CNNVD-201512-287 // NVD: CVE-2015-6410

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6410
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6410
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201512-287
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84371
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6410
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84371
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84371 // JVNDB: JVNDB-2015-006395 // CNNVD: CNNVD-201512-287 // NVD: CVE-2015-6410

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-84371 // JVNDB: JVNDB-2015-006395 // NVD: CVE-2015-6410

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-287

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201512-287

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006395

PATCH

title: cisco-sa-20151209-ucm, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ucm

Trust: 0.8

title: Cisco Unified Communications Manager Mobile and Remote Access Repair measures for security bypass vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59127

Trust: 0.6

sources: JVNDB: JVNDB-2015-006395 // CNNVD: CNNVD-201512-287

EXTERNAL IDS

db: NVD, id: CVE-2015-6410

Trust: 2.8

db: BID, id: 78741

Trust: 2.0

db: SECTRACK, id: 1034377

Trust: 1.1

db: JVNDB, id: JVNDB-2015-006395

Trust: 0.8

db: CNNVD, id: CNNVD-201512-287

Trust: 0.7

db: VULHUB, id: VHN-84371

Trust: 0.1

sources: VULHUB: VHN-84371 // BID: 78741 // JVNDB: JVNDB-2015-006395 // CNNVD: CNNVD-201512-287 // NVD: CVE-2015-6410

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-ucm

Trust: 2.0

url:http://www.securityfocus.com/bid/78741

Trust: 1.7

url:http://www.securitytracker.com/id/1034377

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6410

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6410

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-84371 // BID: 78741 // JVNDB: JVNDB-2015-006395 // CNNVD: CNNVD-201512-287 // NVD: CVE-2015-6410

CREDITS

Cisco

Trust: 0.9

sources: BID: 78741 // CNNVD: CNNVD-201512-287

SOURCES

db: VULHUB, id: VHN-84371
db: BID, id: 78741
db: JVNDB, id: JVNDB-2015-006395
db: CNNVD, id: CNNVD-201512-287
db: NVD, id: CVE-2015-6410

LAST UPDATE DATE

2024-11-23T22:01:39.595000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-84371, date: 2016-12-07T00:00:00
db: BID, id: 78741, date: 2016-01-12T02:02:00
db: JVNDB, id: JVNDB-2015-006395, date: 2015-12-16T00:00:00
db: CNNVD, id: CNNVD-201512-287, date: 2015-12-14T00:00:00
db: NVD, id: CVE-2015-6410, date: 2024-11-21T02:34:56.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-84371, date: 2015-12-14T00:00:00
db: BID, id: 78741, date: 2015-12-09T00:00:00
db: JVNDB, id: JVNDB-2015-006395, date: 2015-12-16T00:00:00
db: CNNVD, id: CNNVD-201512-287, date: 2015-12-11T00:00:00
db: NVD, id: CVE-2015-6410, date: 2015-12-14T03:59:03.840