Sign-up

ID

VAR-201512-0417


CVE

CVE-2015-6384


TITLE

Android for Cisco WebEx Meetings Vulnerabilities that prevent access restrictions in applications

Trust: 0.8

sources: JVNDB: JVNDB-2015-006119

DESCRIPTION

The Cisco WebEx Meetings application before 8.5.1 for Android improperly initializes custom application permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka Bug ID CSCuw86442. Cisco WebEx Meetings for Android is prone to a remote security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to gain unauthorized access. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCuw86442

Trust: 1.98

sources: NVD: CVE-2015-6384 // JVNDB: JVNDB-2015-006119 // BID: 78418 // VULHUB: VHN-84345

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetingsscope:eqversion:8.0_base

Trust: 1.6

vendor:ciscomodel:webex meetingsscope:ltversion:8.5.1

Trust: 0.8

vendor:ciscomodel:webex meetings for androidscope:eqversion:8.5.1

Trust: 0.3

sources: BID: 78418 // JVNDB: JVNDB-2015-006119 // CNNVD: CNNVD-201512-039 // NVD: CVE-2015-6384

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6384
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6384
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201512-039
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84345
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6384
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84345
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84345 // JVNDB: JVNDB-2015-006119 // CNNVD: CNNVD-201512-039 // NVD: CVE-2015-6384

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-84345 // JVNDB: JVNDB-2015-006119 // NVD: CVE-2015-6384

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-039

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201512-039

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006119

PATCH
title:cisco-sa-20151201-wmcurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151201-wmc
Trust: 0.8
title:Cisco WebEx Meetingsurl:https://play.google.com/store/apps/details?id=com.cisco.webex.meetings&hl=ja
Trust: 0.8
title:Cisco WebEx Meetings for Android Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58903
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-006119 // 
            
            
            
            CNNVD: CNNVD-201512-039

EXTERNAL IDS
db:NVDid:CVE-2015-6384
Trust: 2.8
db:JVNDBid:JVNDB-2015-006119
Trust: 0.8
db:CNNVDid:CNNVD-201512-039
Trust: 0.7
db:BIDid:78418
Trust: 0.4
db:VULHUBid:VHN-84345
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84345 // 
            
            
            
            BID: 78418 // 
            
            
            
            JVNDB: JVNDB-2015-006119 // 
            
            
            
            CNNVD: CNNVD-201512-039 // 
            
            
            
            NVD: CVE-2015-6384

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151201-wmc
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6384
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6384
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151201-wmc 
Trust: 0.3
sources:
            
            
            VULHUB: VHN-84345 // 
            
            
            
            BID: 78418 // 
            
            
            
            JVNDB: JVNDB-2015-006119 // 
            
            
            
            CNNVD: CNNVD-201512-039 // 
            
            
            
            NVD: CVE-2015-6384

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 78418

SOURCES
db:VULHUBid:VHN-84345
db:BIDid:78418
db:JVNDBid:JVNDB-2015-006119
db:CNNVDid:CNNVD-201512-039
db:NVDid:CVE-2015-6384

LAST UPDATE DATE
2024-11-23T22:31:01.944000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84345date:2015-12-07T00:00:00
db:BIDid:78418date:2015-12-01T00:00:00
db:JVNDBid:JVNDB-2015-006119date:2015-12-09T00:00:00
db:CNNVDid:CNNVD-201512-039date:2015-12-11T00:00:00
db:NVDid:CVE-2015-6384date:2024-11-21T02:34:53.933

SOURCES RELEASE DATE
db:VULHUBid:VHN-84345date:2015-12-05T00:00:00
db:BIDid:78418date:2015-12-01T00:00:00
db:JVNDBid:JVNDB-2015-006119date:2015-12-09T00:00:00
db:CNNVDid:CNNVD-201512-039date:2015-12-07T00:00:00
db:NVDid:CVE-2015-6384date:2015-12-05T03:59:00.137