Sign-up

ID

VAR-201512-0422


CVE

CVE-2015-6389


TITLE

Cisco Prime Collaboration Assurance Vulnerabilities that gain access

Trust: 0.8

sources: JVNDB: JVNDB-2015-006390

DESCRIPTION

Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account's password, aka Bug ID CSCus62707. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. This issue being tracked by Cisco Bug ID CSCus62707. This solution supports simplified unified communication and video collaboration network management through a unified management console, and rapid deployment of communication sites

Trust: 1.98

sources: NVD: CVE-2015-6389 // JVNDB: JVNDB-2015-006390 // BID: 78738 // VULHUB: VHN-84350

AFFECTED PRODUCTS

vendor:ciscomodel:prime collaboration assurancescope:eqversion:10.5.1

Trust: 1.6

vendor:ciscomodel:prime collaboration assurancescope:eqversion:10.6.0

Trust: 1.6

vendor:ciscomodel:prime collaboration assurancescope:ltversion:11.0

Trust: 0.8

sources: JVNDB: JVNDB-2015-006390 // CNNVD: CNNVD-201512-176 // NVD: CVE-2015-6389

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6389
value: HIGH

Trust: 1.0

NVD: CVE-2015-6389
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201512-176
value: CRITICAL

Trust: 0.6

VULHUB: VHN-84350
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-6389
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84350
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84350 // JVNDB: JVNDB-2015-006390 // CNNVD: CNNVD-201512-176 // NVD: CVE-2015-6389

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-84350 // JVNDB: JVNDB-2015-006390 // NVD: CVE-2015-6389

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-176

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201512-176

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006390

PATCH
title:cisco-sa-20151209-pcaurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-pca
Trust: 0.8
title:Cisco Prime Collaboration Assurance Fixes for encryption problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59034
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-006390 // 
            
            
            
            CNNVD: CNNVD-201512-176

EXTERNAL IDS
db:NVDid:CVE-2015-6389
Trust: 2.8
db:BIDid:78738
Trust: 2.0
db:SECTRACKid:1034361
Trust: 1.1
db:JVNDBid:JVNDB-2015-006390
Trust: 0.8
db:CNNVDid:CNNVD-201512-176
Trust: 0.7
db:VULHUBid:VHN-84350
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84350 // 
            
            
            
            BID: 78738 // 
            
            
            
            JVNDB: JVNDB-2015-006390 // 
            
            
            
            CNNVD: CNNVD-201512-176 // 
            
            
            
            NVD: CVE-2015-6389

REFERENCES
url:http://www.securityfocus.com/bid/78738
Trust: 1.7
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-pca
Trust: 1.7
url:http://www.securitytracker.com/id/1034361
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6389
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6389
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-84350 // 
            
            
            
            BID: 78738 // 
            
            
            
            JVNDB: JVNDB-2015-006390 // 
            
            
            
            CNNVD: CNNVD-201512-176 // 
            
            
            
            NVD: CVE-2015-6389

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 78738 // 
            
            
            
            CNNVD: CNNVD-201512-176

SOURCES
db:VULHUBid:VHN-84350
db:BIDid:78738
db:JVNDBid:JVNDB-2015-006390
db:CNNVDid:CNNVD-201512-176
db:NVDid:CVE-2015-6389

LAST UPDATE DATE
2024-11-23T22:49:17.053000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84350date:2016-12-07T00:00:00
db:BIDid:78738date:2015-12-09T00:00:00
db:JVNDBid:JVNDB-2015-006390date:2015-12-16T00:00:00
db:CNNVDid:CNNVD-201512-176date:2015-12-14T00:00:00
db:NVDid:CVE-2015-6389date:2024-11-21T02:34:54.473

SOURCES RELEASE DATE
db:VULHUBid:VHN-84350date:2015-12-13T00:00:00
db:BIDid:78738date:2015-12-09T00:00:00
db:JVNDBid:JVNDB-2015-006390date:2015-12-16T00:00:00
db:CNNVDid:CNNVD-201512-176date:2015-12-10T00:00:00
db:NVDid:CVE-2015-6389date:2015-12-13T03:59:01.517