Sign-up

ID

VAR-201706-0170


CVE

CVE-2015-7780


TITLE

ManageEngine Firewall Analyzer vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2015-000185

DESCRIPTION

Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. ManageEngine Firewall Analyzer provided by Zoho Corporation is a log analytics and configuration management software for network security devices. Mukai Akihito and Hasegawa Tomoshige reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An authenticated attacker may be able to obtain arbitrary files on the server. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. ManageEngine Firewall Analyzer versions prior to 8.0 are vulnerable; other versions may also be affected. It can collect, correlate analysis and report logs on firewalls, proxy servers and Radius servers throughout the enterprise

Trust: 2.07

sources: NVD: CVE-2015-7780 // JVNDB: JVNDB-2015-000185 // BID: 78211 // VULHUB: VHN-85741 // VULMON: CVE-2015-7780

AFFECTED PRODUCTS

vendor:zohocorpmodel:manageengine firewall analyzerscope:lteversion:7.6

Trust: 1.0

vendor:zohomodel:manageengine firewall analyzerscope:eqversion:prior to 8.0

Trust: 0.8

vendor:zohocorpmodel:manageengine firewall analyzerscope:eqversion:7.6

Trust: 0.6

vendor:manageenginemodel:firewall analyzerscope:eqversion:4.0.3

Trust: 0.3

vendor:manageenginemodel:firewall analyzerscope:eqversion:7.2

Trust: 0.3

vendor:manageenginemodel:firewall analyzer buildscope:eqversion:44030

Trust: 0.3

vendor:manageenginemodel:firewall analyzerscope:eqversion:4

Trust: 0.3

vendor:manageenginemodel:firewall analyzerscope:neversion:8

Trust: 0.3

sources: BID: 78211 // JVNDB: JVNDB-2015-000185 // CNNVD: CNNVD-201512-199 // NVD: CVE-2015-7780

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7780
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2015-000185
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201512-199
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85741
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-7780
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7780
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

IPA: JVNDB-2015-000185
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-85741
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-7780
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-85741 // VULMON: CVE-2015-7780 // JVNDB: JVNDB-2015-000185 // CNNVD: CNNVD-201512-199 // NVD: CVE-2015-7780

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-85741 // JVNDB: JVNDB-2015-000185 // NVD: CVE-2015-7780

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-199

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201512-199

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-000185

PATCH
title:ManageEngine Firewall Analyzerurl:https://www.manageengine.com/products/firewall/
Trust: 0.8
title:Kenzer Templates [5170] [DEPRECATED]url:https://github.com/ARPSyndicate/kenzer-templates 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-7780 // 
            
            
            
            JVNDB: JVNDB-2015-000185

EXTERNAL IDS
db:JVNid:JVN21968837
Trust: 2.9
db:NVDid:CVE-2015-7780
Trust: 2.9
db:JVNDBid:JVNDB-2015-000185
Trust: 2.6
db:BIDid:78211
Trust: 1.0
db:CNNVDid:CNNVD-201512-199
Trust: 0.7
db:VULHUBid:VHN-85741
Trust: 0.1
db:VULMONid:CVE-2015-7780
Trust: 0.1
sources:
            
            
            VULHUB: VHN-85741 // 
            
            
            
            VULMON: CVE-2015-7780 // 
            
            
            
            BID: 78211 // 
            
            
            
            JVNDB: JVNDB-2015-000185 // 
            
            
            
            CNNVD: CNNVD-201512-199 // 
            
            
            
            NVD: CVE-2015-7780

REFERENCES
url:http://jvn.jp/en/jp/jvn21968837/index.html
Trust: 2.9
url:http://jvndb.jvn.jp/ja/contents/2015/jvndb-2015-000185.html
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7780
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-7780
Trust: 0.8
url:http://www.securityfocus.com/bid/78211
Trust: 0.6
url:https://www.manageengine.com/products/firewall/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/22.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/arpsyndicate/kenzer-templates
Trust: 0.1
sources:
            
            
            VULHUB: VHN-85741 // 
            
            
            
            VULMON: CVE-2015-7780 // 
            
            
            
            BID: 78211 // 
            
            
            
            JVNDB: JVNDB-2015-000185 // 
            
            
            
            CNNVD: CNNVD-201512-199 // 
            
            
            
            NVD: CVE-2015-7780

CREDITS
Mukai Akihito and Hasegawa Tomoshige
Trust: 0.9
sources:
            
            
            BID: 78211 // 
            
            
            
            CNNVD: CNNVD-201512-199

SOURCES
db:VULHUBid:VHN-85741
db:VULMONid:CVE-2015-7780
db:BIDid:78211
db:JVNDBid:JVNDB-2015-000185
db:CNNVDid:CNNVD-201512-199
db:NVDid:CVE-2015-7780

LAST UPDATE DATE
2024-11-23T22:42:10.506000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-85741date:2017-06-30T00:00:00
db:VULMONid:CVE-2015-7780date:2017-06-30T00:00:00
db:BIDid:78211date:2015-11-27T00:00:00
db:JVNDBid:JVNDB-2015-000185date:2018-01-24T00:00:00
db:CNNVDid:CNNVD-201512-199date:2017-06-28T00:00:00
db:NVDid:CVE-2015-7780date:2024-11-21T02:37:23.483

SOURCES RELEASE DATE
db:VULHUBid:VHN-85741date:2017-06-27T00:00:00
db:VULMONid:CVE-2015-7780date:2017-06-27T00:00:00
db:BIDid:78211date:2015-11-27T00:00:00
db:JVNDBid:JVNDB-2015-000185date:2015-11-27T00:00:00
db:CNNVDid:CNNVD-201512-199date:2015-11-27T00:00:00
db:NVDid:CVE-2015-7780date:2017-06-27T20:29:00.637