Details of VAR-201601-0001

ID

VAR-201601-0001

CVE

CVE-2015-6314

TITLE

Cisco Wireless LAN Controller Vulnerability in changing configuration settings in device software

Trust: 0.8

sources: JVNDB: JVNDB-2015-006807

DESCRIPTION

Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153. Vendors have confirmed this vulnerability Bug ID CSCuw06153 It is released as.The configuration settings may be changed by a third party. The Cisco WLC is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. This may allow an attacker to take complete control of the device. This issue is being tracked by Cisco Bug ID CSCuw06153. The following versions are affected: Cisco WLC 7.6.120.0 and above, 8.0 and above, 8.1 and above

Trust: 2.61

sources: NVD: CVE-2015-6314 // JVNDB: JVNDB-2015-006807 // CNVD: CNVD-2016-00370 // BID: 80499 // VULHUB: VHN-84275 // VULMON: CVE-2015-6314

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-00370

AFFECTED PRODUCTS

vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.0.72.140	Trust: 1.6
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.0_base	Trust: 1.6
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.1.0	Trust: 1.6
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.1.111.0	Trust: 1.6
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.1.104.37	Trust: 1.6
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.1.122.0	Trust: 1.0
vendor:	cisco	model:	wireless lan controller software	scope:	lt	version:	8.1	Trust: 0.8
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.0.121.0	Trust: 0.8
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	7.6.x	Trust: 0.8
vendor:	cisco	model:	wireless lan controller software	scope:	lt	version:	8.0	Trust: 0.8
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.1.131.0	Trust: 0.8
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.6.x	Trust: 0.6
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	8.0(<8.0.121.0)	Trust: 0.6
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	8.1(<8.1.131.0)	Trust: 0.6
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	7.6.120.0	Trust: 0.6
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.0.115.0	Trust: 0.6
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.0.120.0	Trust: 0.6
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	8.0.100	Trust: 0.6
vendor:	cisco	model:	wireless lan controller software	scope:	eq	version:	7.6.130.0	Trust: 0.6
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	8.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	8.1	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	7.6.120.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	ne	version:	8.1.131.0	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	ne	version:	8.0.121.0	Trust: 0.3

sources: CNVD: CNVD-2016-00370 // BID: 80499 // JVNDB: JVNDB-2015-006807 // CNNVD: CNNVD-201601-261 // NVD: CVE-2015-6314

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6314
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2015-6314
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-00370
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201601-261
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-84275
value:	HIGH
Trust: 0.1
VULMON:	CVE-2015-6314
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-6314
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2016-00370
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-84275
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-6314
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: CNVD: CNVD-2016-00370 // VULHUB: VHN-84275 // VULMON: CVE-2015-6314 // JVNDB: JVNDB-2015-006807 // CNNVD: CNNVD-201601-261 // NVD: CVE-2015-6314

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-84275 // JVNDB: JVNDB-2015-006807 // NVD: CVE-2015-6314

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-261

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201601-261

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006807

PATCH

title:	cisco-sa-20160113-wlc	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-wlc	Trust: 0.8
title:	CiscoWirelessLANController is not authorized to access the patch for the vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/70263	Trust: 0.6
title:	Cisco Wireless LAN Controller Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59603	Trust: 0.6
title:	The Register	url:	https://www.theregister.co.uk/2016/01/13/cisco_admins_gear_up_for_a_late_night/	Trust: 0.2
title:	Cisco: Cisco Wireless LAN Controller Unauthorized Access Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20160113-wlc	Trust: 0.1

sources: CNVD: CNVD-2016-00370 // VULMON: CVE-2015-6314 // JVNDB: JVNDB-2015-006807 // CNNVD: CNNVD-201601-261

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6314	Trust: 3.5
db:	SECTRACK	id:	1034665	Trust: 1.8
db:	JVNDB	id:	JVNDB-2015-006807	Trust: 0.8
db:	CNNVD	id:	CNNVD-201601-261	Trust: 0.7
db:	CNVD	id:	CNVD-2016-00370	Trust: 0.6
db:	BID	id:	80499	Trust: 0.5
db:	VULHUB	id:	VHN-84275	Trust: 0.1
db:	VULMON	id:	CVE-2015-6314	Trust: 0.1

sources: CNVD: CNVD-2016-00370 // VULHUB: VHN-84275 // VULMON: CVE-2015-6314 // BID: 80499 // JVNDB: JVNDB-2015-006807 // CNNVD: CNNVD-201601-261 // NVD: CVE-2015-6314

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160113-wlc	Trust: 2.2
url:	http://www.securitytracker.com/id/1034665	Trust: 1.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6314	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6314	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/80499	Trust: 0.1

sources: CNVD: CNVD-2016-00370 // VULHUB: VHN-84275 // VULMON: CVE-2015-6314 // BID: 80499 // JVNDB: JVNDB-2015-006807 // CNNVD: CNNVD-201601-261 // NVD: CVE-2015-6314

CREDITS

Cisco

Trust: 0.9

sources: BID: 80499 // CNNVD: CNNVD-201601-261

SOURCES

db:	CNVD	id:	CNVD-2016-00370
db:	VULHUB	id:	VHN-84275
db:	VULMON	id:	CVE-2015-6314
db:	BID	id:	80499
db:	JVNDB	id:	JVNDB-2015-006807
db:	CNNVD	id:	CNNVD-201601-261
db:	NVD	id:	CVE-2015-6314

LAST UPDATE DATE

2024-11-23T22:45:54.798000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-00370	date:	2016-01-20T00:00:00
db:	VULHUB	id:	VHN-84275	date:	2016-12-07T00:00:00
db:	VULMON	id:	CVE-2015-6314	date:	2021-04-16T00:00:00
db:	BID	id:	80499	date:	2016-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-006807	date:	2016-01-21T00:00:00
db:	CNNVD	id:	CNNVD-201601-261	date:	2021-04-19T00:00:00
db:	NVD	id:	CVE-2015-6314	date:	2024-11-21T02:34:45.787

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-00370	date:	2016-01-20T00:00:00
db:	VULHUB	id:	VHN-84275	date:	2016-01-15T00:00:00
db:	VULMON	id:	CVE-2015-6314	date:	2016-01-15T00:00:00
db:	BID	id:	80499	date:	2016-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-006807	date:	2016-01-21T00:00:00
db:	CNNVD	id:	CNNVD-201601-261	date:	2016-01-15T00:00:00
db:	NVD	id:	CVE-2015-6314	date:	2016-01-15T03:59:05.153