Details of VAR-201512-0388

ID

VAR-201512-0388

CVE

CVE-2015-6413

TITLE

Cisco TelePresence Video Communication Server Expressway Unauthorized Access Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2015-08276 // BID: 79088

DESCRIPTION

Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651. Cisco TelePresence Video Communication Server is a telepresence video communication server from Cisco Systems, USA. Attackers can exploit this issue to gain unauthorized access to the affected application. This may help in further attacks. This issue is being tracked by Cisco bug ID CSCuw55651

Trust: 2.52

sources: NVD: CVE-2015-6413 // JVNDB: JVNDB-2015-006387 // CNVD: CNVD-2015-08276 // BID: 79088 // VULHUB: VHN-84374

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-08276

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.6	Trust: 1.6
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	expressway x8.6	Trust: 0.8
vendor:	cisco	model:	telepresence video communication server expressway	scope:	eq	version:	x8.6	Trust: 0.6

sources: CNVD: CNVD-2015-08276 // JVNDB: JVNDB-2015-006387 // CNNVD: CNNVD-201512-399 // NVD: CVE-2015-6413

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6413
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6413
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-08276
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201512-399
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-84374
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6413
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-08276
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-84374
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-08276 // VULHUB: VHN-84374 // JVNDB: JVNDB-2015-006387 // CNNVD: CNNVD-201512-399 // NVD: CVE-2015-6413

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-84374 // JVNDB: JVNDB-2015-006387 // NVD: CVE-2015-6413

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-399

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201512-399

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006387

PATCH

title:	cisco-sa-20151209-tvc	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-tvc	Trust: 0.8
title:	Cisco TelePresence Video Communication Server Expressway Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59215	Trust: 0.6

sources: JVNDB: JVNDB-2015-006387 // CNNVD: CNNVD-201512-399

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6413	Trust: 3.4
db:	BID	id:	79088	Trust: 1.4
db:	SECTRACK	id:	1034378	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-006387	Trust: 0.8
db:	CNNVD	id:	CNNVD-201512-399	Trust: 0.7
db:	CNVD	id:	CNVD-2015-08276	Trust: 0.6
db:	VULHUB	id:	VHN-84374	Trust: 0.1

sources: CNVD: CNVD-2015-08276 // VULHUB: VHN-84374 // BID: 79088 // JVNDB: JVNDB-2015-006387 // CNNVD: CNNVD-201512-399 // NVD: CVE-2015-6413

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-tvc	Trust: 2.3
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6413	Trust: 1.4
url:	http://www.securityfocus.com/bid/79088	Trust: 1.1
url:	http://www.securitytracker.com/id/1034378	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6413	Trust: 0.8
url:	www.cisco.com	Trust: 0.3

sources: CNVD: CNVD-2015-08276 // VULHUB: VHN-84374 // BID: 79088 // JVNDB: JVNDB-2015-006387 // CNNVD: CNNVD-201512-399 // NVD: CVE-2015-6413

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 79088

SOURCES

db:	CNVD	id:	CNVD-2015-08276
db:	VULHUB	id:	VHN-84374
db:	BID	id:	79088
db:	JVNDB	id:	JVNDB-2015-006387
db:	CNNVD	id:	CNNVD-201512-399
db:	NVD	id:	CVE-2015-6413

LAST UPDATE DATE

2024-11-23T22:18:17.521000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-08276	date:	2015-12-16T00:00:00
db:	VULHUB	id:	VHN-84374	date:	2016-12-07T00:00:00
db:	BID	id:	79088	date:	2016-07-05T22:23:00
db:	JVNDB	id:	JVNDB-2015-006387	date:	2015-12-16T00:00:00
db:	CNNVD	id:	CNNVD-201512-399	date:	2015-12-14T00:00:00
db:	NVD	id:	CVE-2015-6413	date:	2024-11-21T02:34:57.140

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-08276	date:	2015-12-16T00:00:00
db:	VULHUB	id:	VHN-84374	date:	2015-12-13T00:00:00
db:	BID	id:	79088	date:	2015-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-006387	date:	2015-12-16T00:00:00
db:	CNNVD	id:	CNNVD-201512-399	date:	2015-12-14T00:00:00
db:	NVD	id:	CVE-2015-6413	date:	2015-12-13T03:59:07.460