Details of VAR-201601-0005

ID

VAR-201601-0005

CVE

CVE-2015-6336

TITLE

Cisco Aironet 1800 Vulnerabilities that can gain access rights in device software

Trust: 0.8

sources: JVNDB: JVNDB-2015-006810

DESCRIPTION

Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4), and 8.1(15.14) have a default account, which makes it easier for remote attackers to obtain access via unspecified vectors, aka Bug ID CSCuw58062. Vendors have confirmed this vulnerability Bug ID CSCuw58062 It is released as.Access may be obtained by a third party. This may aid in further attacks. This issue being tracked by Cisco Bug ID CSCuw58062

Trust: 2.07

sources: NVD: CVE-2015-6336 // JVNDB: JVNDB-2015-006810 // BID: 80496 // VULHUB: VHN-84297 // VULMON: CVE-2015-6336

AFFECTED PRODUCTS

vendor:	cisco	model:	aironet access point software	scope:	eq	version:	7.2_base	Trust: 1.6
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	7.3_base	Trust: 1.6
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	7.4_base	Trust: 1.6
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.1\(15.14\)	Trust: 1.6
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.1\(112.3\)	Trust: 1.6
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.1\(112.4\)	Trust: 1.6
vendor:	cisco	model:	aironet 1830e	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet 1830i	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet 1850e	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet 1850i	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	7.2	Trust: 0.8
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	7.3	Trust: 0.8
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	7.4	Trust: 0.8
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.1(112.3)	Trust: 0.8
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.1(112.4)	Trust: 0.8
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.1(15.14)	Trust: 0.8
vendor:	cisco	model:	aironet 1850i series access point	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	aironet 1850e series access point	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	aironet 1830i series access point	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	aironet 1830e series access point	scope:	eq	version:	0	Trust: 0.3

sources: BID: 80496 // JVNDB: JVNDB-2015-006810 // CNNVD: CNNVD-201601-263 // NVD: CVE-2015-6336

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6336
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-6336
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201601-263
value:	HIGH
Trust: 0.6
VULHUB:	VHN-84297
value:	HIGH
Trust: 0.1
VULMON:	CVE-2015-6336
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-6336
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-84297
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-6336
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	3.4
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-84297 // VULMON: CVE-2015-6336 // JVNDB: JVNDB-2015-006810 // CNNVD: CNNVD-201601-263 // NVD: CVE-2015-6336

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.9

sources: VULHUB: VHN-84297 // JVNDB: JVNDB-2015-006810 // NVD: CVE-2015-6336

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-263

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201601-263

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006810

PATCH

title:	cisco-sa-20160113-air	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-air	Trust: 0.8
title:	Cisco Aironet 1800 Series Access Point Devices Repair measures for trust management vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59605	Trust: 0.6
title:	The Register	url:	https://www.theregister.co.uk/2016/01/13/cisco_admins_gear_up_for_a_late_night/	Trust: 0.2
title:	Cisco: Cisco Aironet 1800 Series Access Point Default Static Account Credentials Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20160113-air	Trust: 0.1

sources: VULMON: CVE-2015-6336 // JVNDB: JVNDB-2015-006810 // CNNVD: CNNVD-201601-263

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6336	Trust: 2.9
db:	SECTRACK	id:	1034667	Trust: 1.2
db:	BID	id:	80496	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-006810	Trust: 0.8
db:	CNNVD	id:	CNNVD-201601-263	Trust: 0.7
db:	VULHUB	id:	VHN-84297	Trust: 0.1
db:	VULMON	id:	CVE-2015-6336	Trust: 0.1

sources: VULHUB: VHN-84297 // VULMON: CVE-2015-6336 // BID: 80496 // JVNDB: JVNDB-2015-006810 // CNNVD: CNNVD-201601-263 // NVD: CVE-2015-6336

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160113-air	Trust: 2.2
url:	http://www.securitytracker.com/id/1034667	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6336	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6336	Trust: 0.8
url:	http://www.securityfocus.com/bid/80496	Trust: 0.7
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/255.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-84297 // VULMON: CVE-2015-6336 // BID: 80496 // JVNDB: JVNDB-2015-006810 // CNNVD: CNNVD-201601-263 // NVD: CVE-2015-6336

CREDITS

Cisco

Trust: 0.9

sources: BID: 80496 // CNNVD: CNNVD-201601-263

SOURCES

db:	VULHUB	id:	VHN-84297
db:	VULMON	id:	CVE-2015-6336
db:	BID	id:	80496
db:	JVNDB	id:	JVNDB-2015-006810
db:	CNNVD	id:	CNNVD-201601-263
db:	NVD	id:	CVE-2015-6336

LAST UPDATE DATE

2024-11-23T23:12:37.171000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84297	date:	2016-12-07T00:00:00
db:	VULMON	id:	CVE-2015-6336	date:	2016-12-07T00:00:00
db:	BID	id:	80496	date:	2016-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-006810	date:	2016-01-21T00:00:00
db:	CNNVD	id:	CNNVD-201601-263	date:	2016-01-25T00:00:00
db:	NVD	id:	CVE-2015-6336	date:	2024-11-21T02:34:48.793

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84297	date:	2016-01-15T00:00:00
db:	VULMON	id:	CVE-2015-6336	date:	2016-01-15T00:00:00
db:	BID	id:	80496	date:	2016-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-006810	date:	2016-01-21T00:00:00
db:	CNNVD	id:	CNNVD-201601-263	date:	2016-01-15T00:00:00
db:	NVD	id:	CVE-2015-6336	date:	2016-01-15T03:59:08.107