ID

VAR-201512-0394


CVE

CVE-2015-6419


TITLE

Cisco FireSIGHT Management Center Vulnerability to read arbitrary files in other software

Trust: 0.8

sources: JVNDB: JVNDB-2015-006377

DESCRIPTION

Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410. The Cisco FireSIGHT Management Center centrally manages the network security and operational features of Cisco ASA with FirePOWER Services and Cisco FirePOWER appliances. A remote attacker can exploit this vulnerability to view sensitive information about the underlying operating system. This issue is tracked by Cisco Bug ID CSCur25410. The following releases are affected: Cisco FireSIGHT MC using Release 4.10.3, Release 5.2.0, Release 5.3.0, Release 5.3.1, Release 5.4.0 software.

Trust: 2.52

sources: NVD: CVE-2015-6419 // JVNDB: JVNDB-2015-006377 // CNVD: CNVD-2015-08364 // BID: 79033 // VULHUB: VHN-84380

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-08364

AFFECTED PRODUCTS

vendor: cisco, model: firesight system software, scope: eq, version: 4.10.3

Trust: 2.4

vendor: cisco, model: firesight system software, scope: eq, version: 5.2.0

Trust: 2.4

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.0

Trust: 2.4

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.1

Trust: 2.4

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.0

Trust: 2.4

vendor: cisco, model: firesight management center, scope: eq, version: 5.4.0

Trust: 0.9

vendor: cisco, model: firesight management center, scope: eq, version: 4.10.3

Trust: 0.9

vendor: cisco, model: firesight management center, scope: eq, version: 5.3.1

Trust: 0.9

vendor: cisco, model: firesight management center, scope: eq, version: 5.2.0

Trust: 0.6

vendor: cisco, model: firesight management center, scope: eq, version: 5.3.0

Trust: 0.6

vendor: cisco, model: firesight management center, scope: eq, version: 5.3

Trust: 0.3

vendor: cisco, model: firesight management center, scope: eq, version: 5.2

Trust: 0.3

sources: CNVD: CNVD-2015-08364 // BID: 79033 // JVNDB: JVNDB-2015-006377 // CNNVD: CNNVD-201512-397 // NVD: CVE-2015-6419

CVSS

SEVERITY

nvd@nist.gov: CVE-2015-6419
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6419
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-08364
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201512-397
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84380
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2015-6419
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-08364
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-84380
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-08364 // VULHUB: VHN-84380 // JVNDB: JVNDB-2015-006377 // CNNVD: CNNVD-201512-397 // NVD: CVE-2015-6419

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-84380 // JVNDB: JVNDB-2015-006377 // NVD: CVE-2015-6419

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-397

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201512-397

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006377

PATCH

title: cisco-sa-20151211-fmc, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-fmc

Trust: 0.8

title: Cisco FireSIGHT Management Center Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59214

Trust: 0.6

sources: JVNDB: JVNDB-2015-006377 // CNNVD: CNNVD-201512-397

EXTERNAL IDS

db: NVD, id: CVE-2015-6419

Trust: 3.4

db: BID, id: 79033

Trust: 1.4

db: JVNDB, id: JVNDB-2015-006377

Trust: 0.8

db: CNNVD, id: CNNVD-201512-397

Trust: 0.7

db: CNVD, id: CNVD-2015-08364

Trust: 0.6

db: VULHUB, id: VHN-84380

Trust: 0.1

sources: CNVD: CNVD-2015-08364 // VULHUB: VHN-84380 // BID: 79033 // JVNDB: JVNDB-2015-006377 // CNNVD: CNNVD-201512-397 // NVD: CVE-2015-6419

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151211-fmc

Trust: 2.3

url:http://www.securityfocus.com/bid/79033

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6419

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6419

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151217-gateway

Trust: 0.3

sources: CNVD: CNVD-2015-08364 // VULHUB: VHN-84380 // BID: 79033 // JVNDB: JVNDB-2015-006377 // CNNVD: CNNVD-201512-397 // NVD: CVE-2015-6419

CREDITS

Cisco

Trust: 0.3

sources: BID: 79033

SOURCES

db: CNVD, id: CNVD-2015-08364
db: VULHUB, id: VHN-84380
db: BID, id: 79033
db: JVNDB, id: JVNDB-2015-006377
db: CNNVD, id: CNNVD-201512-397
db: NVD, id: CVE-2015-6419

LAST UPDATE DATE

2024-11-23T22:22:48.434000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-08364, date: 2015-12-22T00:00:00
db: VULHUB, id: VHN-84380, date: 2016-11-28T00:00:00
db: BID, id: 79033, date: 2015-12-11T00:00:00
db: JVNDB, id: JVNDB-2015-006377, date: 2015-12-15T00:00:00
db: CNNVD, id: CNNVD-201512-397, date: 2015-12-18T00:00:00
db: NVD, id: CVE-2015-6419, date: 2024-11-21T02:34:57.763

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2015-08364, date: 2015-12-22T00:00:00
db: VULHUB, id: VHN-84380, date: 2015-12-12T00:00:00
db: BID, id: 79033, date: 2015-12-11T00:00:00
db: JVNDB, id: JVNDB-2015-006377, date: 2015-12-15T00:00:00
db: CNNVD, id: CNNVD-201512-397, date: 2015-12-14T00:00:00
db: NVD, id: CVE-2015-6419, date: 2015-12-12T16:59:02.993