Details of VAR-201512-0389

ID

VAR-201512-0389

CVE

CVE-2015-6414

TITLE

Cisco TelePresence Video Communication Server Vulnerabilities that can break cryptographic protection mechanisms

Trust: 0.8

sources: JVNDB: JVNDB-2015-006388

DESCRIPTION

Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers' installations, which makes it easier for local users to defeat cryptographic protection mechanisms by leveraging knowledge of a key from another installation, aka Bug ID CSCuw64516. Cisco TelePresence is a Cisco TelePresence solution. Local attackers can exploit this issue to obtain sensitive information. This may aid in further attacks. This issue is being tracked by Cisco Bug Id CSCuw64516

Trust: 2.52

sources: NVD: CVE-2015-6414 // JVNDB: JVNDB-2015-006388 // CNVD: CNVD-2015-08069 // BID: 79065 // VULHUB: VHN-84375

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-08069

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.6	Trust: 2.4
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x8.6	Trust: 0.9

sources: CNVD: CNVD-2015-08069 // BID: 79065 // JVNDB: JVNDB-2015-006388 // CNNVD: CNNVD-201512-400 // NVD: CVE-2015-6414

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6414
value:	LOW
Trust: 1.0
NVD:	CVE-2015-6414
value:	LOW
Trust: 0.8
CNVD:	CNVD-2015-08069
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201512-400
value:	LOW
Trust: 0.6
VULHUB:	VHN-84375
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2015-6414
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-08069
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-84375
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-08069 // VULHUB: VHN-84375 // JVNDB: JVNDB-2015-006388 // CNNVD: CNNVD-201512-400 // NVD: CVE-2015-6414

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-84375 // JVNDB: JVNDB-2015-006388 // NVD: CVE-2015-6414

THREAT TYPE

local

Trust: 0.9

sources: BID: 79065 // CNNVD: CNNVD-201512-400

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201512-400

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006388

PATCH

title:	cisco-sa-20151210-tvcs	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-tvcs	Trust: 0.8
title:	Patch for Cisco TelePresence Video Communication Server Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/68149	Trust: 0.6

sources: CNVD: CNVD-2015-08069 // JVNDB: JVNDB-2015-006388

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6414	Trust: 3.4
db:	BID	id:	79065	Trust: 1.4
db:	SECTRACK	id:	1034429	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-006388	Trust: 0.8
db:	CNNVD	id:	CNNVD-201512-400	Trust: 0.7
db:	CNVD	id:	CNVD-2015-08069	Trust: 0.6
db:	VULHUB	id:	VHN-84375	Trust: 0.1

sources: CNVD: CNVD-2015-08069 // VULHUB: VHN-84375 // BID: 79065 // JVNDB: JVNDB-2015-006388 // CNNVD: CNNVD-201512-400 // NVD: CVE-2015-6414

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151210-tvcs	Trust: 2.6
url:	http://www.securityfocus.com/bid/79065	Trust: 1.1
url:	http://www.securitytracker.com/id/1034429	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6414	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6414	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-08069 // VULHUB: VHN-84375 // BID: 79065 // JVNDB: JVNDB-2015-006388 // CNNVD: CNNVD-201512-400 // NVD: CVE-2015-6414

CREDITS

Cisco

Trust: 0.3

sources: BID: 79065

SOURCES

db:	CNVD	id:	CNVD-2015-08069
db:	VULHUB	id:	VHN-84375
db:	BID	id:	79065
db:	JVNDB	id:	JVNDB-2015-006388
db:	CNNVD	id:	CNNVD-201512-400
db:	NVD	id:	CVE-2015-6414

LAST UPDATE DATE

2024-11-23T22:52:42.177000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-08069	date:	2015-12-14T00:00:00
db:	VULHUB	id:	VHN-84375	date:	2016-12-07T00:00:00
db:	BID	id:	79065	date:	2015-12-10T00:00:00
db:	JVNDB	id:	JVNDB-2015-006388	date:	2015-12-16T00:00:00
db:	CNNVD	id:	CNNVD-201512-400	date:	2015-12-14T00:00:00
db:	NVD	id:	CVE-2015-6414	date:	2024-11-21T02:34:57.250

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-08069	date:	2015-12-11T00:00:00
db:	VULHUB	id:	VHN-84375	date:	2015-12-13T00:00:00
db:	BID	id:	79065	date:	2015-12-10T00:00:00
db:	JVNDB	id:	JVNDB-2015-006388	date:	2015-12-16T00:00:00
db:	CNNVD	id:	CNNVD-201512-400	date:	2015-12-14T00:00:00
db:	NVD	id:	CVE-2015-6414	date:	2015-12-13T03:59:08.400