Sign-up

ID

VAR-201512-0405


CVE

CVE-2015-6395


TITLE

Cisco Prime Service Catalog Vulnerabilities whose settings are changed

Trust: 0.8

sources: JVNDB: JVNDB-2015-006391

DESCRIPTION

Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188. Vendors have confirmed this vulnerability Bug ID CSCuw48188 It is released as.Settings can be changed by third parties through direct requests. The solution supports automated ordering of a unified service catalog of computing, networking, storage, and other data center resources. A remote attacker could exploit this vulnerability to modify the configuration by sending a direct request

Trust: 1.71

sources: NVD: CVE-2015-6395 // JVNDB: JVNDB-2015-006391 // VULHUB: VHN-84356

AFFECTED PRODUCTS

vendor:ciscomodel:prime service catalogscope:eqversion:10.0\(r2\)_base

Trust: 1.6

vendor:ciscomodel:prime service catalogscope:eqversion:10.0_base

Trust: 1.6

vendor:ciscomodel:prime service catalogscope:eqversion:10.1_base

Trust: 1.6

vendor:ciscomodel:prime service catalogscope:eqversion:11.0_base

Trust: 1.6

vendor:ciscomodel:prime service catalogscope:eqversion:10.0

Trust: 0.8

vendor:ciscomodel:prime service catalogscope:eqversion:10.0(r2)

Trust: 0.8

vendor:ciscomodel:prime service catalogscope:eqversion:10.1

Trust: 0.8

vendor:ciscomodel:prime service catalogscope:eqversion:11.0

Trust: 0.8

sources: JVNDB: JVNDB-2015-006391 // CNNVD: CNNVD-201512-393 // NVD: CVE-2015-6395

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6395
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6395
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201512-393
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84356
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6395
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84356
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84356 // JVNDB: JVNDB-2015-006391 // CNNVD: CNNVD-201512-393 // NVD: CVE-2015-6395

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-84356 // JVNDB: JVNDB-2015-006391 // NVD: CVE-2015-6395

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-393

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201512-393

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006391

PATCH
title:cisco-sa-20151207-pscurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151207-psc
Trust: 0.8
title:Cisco Prime Service Catalog Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59211
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-006391 // 
            
            
            
            CNNVD: CNNVD-201512-393

EXTERNAL IDS
db:NVDid:CVE-2015-6395
Trust: 2.5
db:SECTRACKid:1034313
Trust: 1.1
db:JVNDBid:JVNDB-2015-006391
Trust: 0.8
db:CNNVDid:CNNVD-201512-393
Trust: 0.7
db:VULHUBid:VHN-84356
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84356 // 
            
            
            
            JVNDB: JVNDB-2015-006391 // 
            
            
            
            CNNVD: CNNVD-201512-393 // 
            
            
            
            NVD: CVE-2015-6395

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151207-psc
Trust: 1.7
url:http://www.securitytracker.com/id/1034313
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6395
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6395
Trust: 0.8
sources:
            
            
            VULHUB: VHN-84356 // 
            
            
            
            JVNDB: JVNDB-2015-006391 // 
            
            
            
            CNNVD: CNNVD-201512-393 // 
            
            
            
            NVD: CVE-2015-6395

SOURCES
db:VULHUBid:VHN-84356
db:JVNDBid:JVNDB-2015-006391
db:CNNVDid:CNNVD-201512-393
db:NVDid:CVE-2015-6395

LAST UPDATE DATE
2024-11-23T23:05:37.474000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84356date:2017-09-13T00:00:00
db:JVNDBid:JVNDB-2015-006391date:2015-12-16T00:00:00
db:CNNVDid:CNNVD-201512-393date:2015-12-14T00:00:00
db:NVDid:CVE-2015-6395date:2024-11-21T02:34:55.207

SOURCES RELEASE DATE
db:VULHUBid:VHN-84356date:2015-12-12T00:00:00
db:JVNDBid:JVNDB-2015-006391date:2015-12-16T00:00:00
db:CNNVDid:CNNVD-201512-393date:2015-12-14T00:00:00
db:NVDid:CVE-2015-6395date:2015-12-12T11:59:00.120