Details of VAR-201512-0547

ID

VAR-201512-0547

CVE

CVE-2015-4206

TITLE

Cisco Unified Communications Manager Vulnerable to cross-site scripting protection mechanisms

Trust: 0.8

sources: JVNDB: JVNDB-2015-006442

DESCRIPTION

Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug ID CSCuu15266. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. There are security vulnerabilities in CUCM versions 8.0 to 8.6

Trust: 2.07

sources: NVD: CVE-2015-4206 // JVNDB: JVNDB-2015-006442 // BID: 79196 // VULHUB: VHN-82167 // VULMON: CVE-2015-4206

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6.2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6.1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5.1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0_base	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6_base	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2c\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5_base	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0 to 8.6	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.4	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.3	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.2	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.1	Trust: 0.3

sources: BID: 79196 // JVNDB: JVNDB-2015-006442 // CNNVD: CNNVD-201512-438 // NVD: CVE-2015-4206

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4206
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-4206
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201512-438
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-82167
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-4206
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-4206
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-82167
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-82167 // VULMON: CVE-2015-4206 // JVNDB: JVNDB-2015-006442 // CNNVD: CNNVD-201512-438 // NVD: CVE-2015-4206

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-82167 // JVNDB: JVNDB-2015-006442 // NVD: CVE-2015-4206

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-438

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201512-438

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006442

PATCH

title:	cisco-sa-20151214-ucm	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ucm	Trust: 0.8
title:	Cisco: Cisco Unified Communications Manager Web Management Interface Cross-Site Scripting Filter Bypass Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20151214-ucm	Trust: 0.1

sources: VULMON: CVE-2015-4206 // JVNDB: JVNDB-2015-006442

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4206	Trust: 2.9
db:	BID	id:	79196	Trust: 1.5
db:	SECTRACK	id:	1034430	Trust: 1.2
db:	JVNDB	id:	JVNDB-2015-006442	Trust: 0.8
db:	CNNVD	id:	CNNVD-201512-438	Trust: 0.7
db:	VULHUB	id:	VHN-82167	Trust: 0.1
db:	VULMON	id:	CVE-2015-4206	Trust: 0.1

sources: VULHUB: VHN-82167 // VULMON: CVE-2015-4206 // BID: 79196 // JVNDB: JVNDB-2015-006442 // CNNVD: CNNVD-201512-438 // NVD: CVE-2015-4206

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151214-ucm	Trust: 2.2
url:	http://www.securityfocus.com/bid/79196	Trust: 1.3
url:	http://www.securitytracker.com/id/1034430	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4206	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4206	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-82167 // VULMON: CVE-2015-4206 // BID: 79196 // JVNDB: JVNDB-2015-006442 // CNNVD: CNNVD-201512-438 // NVD: CVE-2015-4206

CREDITS

Cisco

Trust: 0.3

sources: BID: 79196

SOURCES

db:	VULHUB	id:	VHN-82167
db:	VULMON	id:	CVE-2015-4206
db:	BID	id:	79196
db:	JVNDB	id:	JVNDB-2015-006442
db:	CNNVD	id:	CNNVD-201512-438
db:	NVD	id:	CVE-2015-4206

LAST UPDATE DATE

2024-11-23T22:59:30.524000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-82167	date:	2016-12-07T00:00:00
db:	VULMON	id:	CVE-2015-4206	date:	2016-12-07T00:00:00
db:	BID	id:	79196	date:	2015-12-14T00:00:00
db:	JVNDB	id:	JVNDB-2015-006442	date:	2015-12-18T00:00:00
db:	CNNVD	id:	CNNVD-201512-438	date:	2015-12-16T00:00:00
db:	NVD	id:	CVE-2015-4206	date:	2024-11-21T02:30:37.920

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-82167	date:	2015-12-15T00:00:00
db:	VULMON	id:	CVE-2015-4206	date:	2015-12-15T00:00:00
db:	BID	id:	79196	date:	2015-12-14T00:00:00
db:	JVNDB	id:	JVNDB-2015-006442	date:	2015-12-18T00:00:00
db:	CNNVD	id:	CNNVD-201512-438	date:	2015-12-16T00:00:00
db:	NVD	id:	CVE-2015-4206	date:	2015-12-15T05:59:00.317