Details of VAR-201512-0387

ID

VAR-201512-0387

CVE

CVE-2015-6411

TITLE

Cisco FirePOWER Management Center Software Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-08312 // CNNVD: CNNVD-201512-174

DESCRIPTION

Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061. Vendors have confirmed this vulnerability Bug ID CSCux37061 It is released as.By reading unspecified fields by a third party, important version information may be obtained. The Cisco FirePOWER Management Center is the next-generation firewall management center software from Cisco. An attacker could exploit the vulnerability to gain access to sensitive information. This issue being tracked by Cisco Bug ID CSCux37061

Trust: 2.52

sources: NVD: CVE-2015-6411 // JVNDB: JVNDB-2015-006447 // CNVD: CNVD-2015-08312 // BID: 78740 // VULHUB: VHN-84372

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-08312

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.4.1.3	Trust: 2.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.0.0	Trust: 2.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.0.1	Trust: 2.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	5.4.1.3	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	6.0.0	Trust: 1.0

sources: CNVD: CNVD-2015-08312 // JVNDB: JVNDB-2015-006447 // CNNVD: CNNVD-201512-174 // NVD: CVE-2015-6411

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6411
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6411
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-08312
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201512-174
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-84372
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6411
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-08312
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-84372
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-08312 // VULHUB: VHN-84372 // JVNDB: JVNDB-2015-006447 // CNNVD: CNNVD-201512-174 // NVD: CVE-2015-6411

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-84372 // JVNDB: JVNDB-2015-006447 // NVD: CVE-2015-6411

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-174

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201512-174

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006447

PATCH

title:

cisco-sa-20151209-fmc

url:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-fmc

Trust: 0.8

sources: JVNDB: JVNDB-2015-006447

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6411	Trust: 3.4
db:	BID	id:	78740	Trust: 2.6
db:	JVNDB	id:	JVNDB-2015-006447	Trust: 0.8
db:	CNNVD	id:	CNNVD-201512-174	Trust: 0.7
db:	CNVD	id:	CNVD-2015-08312	Trust: 0.6
db:	VULHUB	id:	VHN-84372	Trust: 0.1

sources: CNVD: CNVD-2015-08312 // VULHUB: VHN-84372 // BID: 78740 // JVNDB: JVNDB-2015-006447 // CNNVD: CNNVD-201512-174 // NVD: CVE-2015-6411

REFERENCES

url:	http://www.securityfocus.com/bid/78740	Trust: 2.3
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-fmc	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6411	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6411	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-08312 // VULHUB: VHN-84372 // BID: 78740 // JVNDB: JVNDB-2015-006447 // CNNVD: CNNVD-201512-174 // NVD: CVE-2015-6411

CREDITS

Cisco

Trust: 0.9

sources: BID: 78740 // CNNVD: CNNVD-201512-174

SOURCES

db:	CNVD	id:	CNVD-2015-08312
db:	VULHUB	id:	VHN-84372
db:	BID	id:	78740
db:	JVNDB	id:	JVNDB-2015-006447
db:	CNNVD	id:	CNNVD-201512-174
db:	NVD	id:	CVE-2015-6411

LAST UPDATE DATE

2024-11-27T22:55:00.724000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-08312	date:	2015-12-21T00:00:00
db:	VULHUB	id:	VHN-84372	date:	2016-11-28T00:00:00
db:	BID	id:	78740	date:	2015-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-006447	date:	2015-12-18T00:00:00
db:	CNNVD	id:	CNNVD-201512-174	date:	2015-12-16T00:00:00
db:	NVD	id:	CVE-2015-6411	date:	2024-11-26T16:09:02.407

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-08312	date:	2015-12-21T00:00:00
db:	VULHUB	id:	VHN-84372	date:	2015-12-15T00:00:00
db:	BID	id:	78740	date:	2015-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-006447	date:	2015-12-18T00:00:00
db:	CNNVD	id:	CNNVD-201512-174	date:	2015-12-10T00:00:00
db:	NVD	id:	CVE-2015-6411	date:	2015-12-15T05:59:06.857