Sign-up

ID

VAR-201706-0171


CVE

CVE-2015-7781


TITLE

ManageEngine Firewall Analyzer fails to restrict access permissions

Trust: 0.8

sources: JVNDB: JVNDB-2015-000186

DESCRIPTION

ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions. ManageEngine Firewall Analyzer provided by Zoho Corporation is a log analytics and configuration management software for network security devices. Mukai Akihito, Hasegawa Tomoshige reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker may be able to obtain server logs. Successfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. It can collect, correlate analysis and report logs on firewalls, proxy servers and Radius servers throughout the enterprise

Trust: 1.98

sources: NVD: CVE-2015-7781 // JVNDB: JVNDB-2015-000186 // BID: 78213 // VULHUB: VHN-85742

AFFECTED PRODUCTS

vendor:zohocorpmodel:manageengine firewall analyzerscope:lteversion:7.6

Trust: 1.0

vendor:zohomodel:manageengine firewall analyzerscope:eqversion:prior to 8.0

Trust: 0.8

vendor:zohocorpmodel:manageengine firewall analyzerscope:eqversion:7.6

Trust: 0.6

vendor:manageenginemodel:firewall analyzerscope:eqversion:4.0.3

Trust: 0.3

vendor:manageenginemodel:firewall analyzerscope:eqversion:7.2

Trust: 0.3

vendor:manageenginemodel:firewall analyzer buildscope:eqversion:44030

Trust: 0.3

vendor:manageenginemodel:firewall analyzerscope:eqversion:4

Trust: 0.3

vendor:manageenginemodel:firewall analyzerscope:neversion:8

Trust: 0.3

sources: BID: 78213 // JVNDB: JVNDB-2015-000186 // CNNVD: CNNVD-201512-198 // NVD: CVE-2015-7781

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7781
value: HIGH

Trust: 1.0

IPA: JVNDB-2015-000186
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201512-198
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85742
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7781
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2015-000186
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-85742
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-7781
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-85742 // JVNDB: JVNDB-2015-000186 // CNNVD: CNNVD-201512-198 // NVD: CVE-2015-7781

PROBLEMTYPE DATA

problemtype:CWE-275

Trust: 1.1

problemtype:CWE-264

Trust: 0.8

sources: VULHUB: VHN-85742 // JVNDB: JVNDB-2015-000186 // NVD: CVE-2015-7781

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-198

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201512-198

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-000186

PATCH
title:ManageEngine Firewall Analyzerurl:https://www.manageengine.com/products/firewall/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-000186

EXTERNAL IDS
db:JVNid:JVN12991684
Trust: 2.8
db:NVDid:CVE-2015-7781
Trust: 2.8
db:JVNDBid:JVNDB-2015-000186
Trust: 2.5
db:BIDid:78213
Trust: 1.0
db:CNNVDid:CNNVD-201512-198
Trust: 0.7
db:VULHUBid:VHN-85742
Trust: 0.1
sources:
            
            
            VULHUB: VHN-85742 // 
            
            
            
            BID: 78213 // 
            
            
            
            JVNDB: JVNDB-2015-000186 // 
            
            
            
            CNNVD: CNNVD-201512-198 // 
            
            
            
            NVD: CVE-2015-7781

REFERENCES
url:http://jvn.jp/en/jp/jvn12991684/index.html
Trust: 2.8
url:http://jvndb.jvn.jp/en/contents/2015/jvndb-2015-000186.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7781
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-7781
Trust: 0.8
url:http://www.securityfocus.com/bid/78213
Trust: 0.6
url:https://www.manageengine.com/products/firewall/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-85742 // 
            
            
            
            BID: 78213 // 
            
            
            
            JVNDB: JVNDB-2015-000186 // 
            
            
            
            CNNVD: CNNVD-201512-198 // 
            
            
            
            NVD: CVE-2015-7781

CREDITS
Mukai Akihito and Hasegawa Tomoshige
Trust: 0.9
sources:
            
            
            BID: 78213 // 
            
            
            
            CNNVD: CNNVD-201512-198

SOURCES
db:VULHUBid:VHN-85742
db:BIDid:78213
db:JVNDBid:JVNDB-2015-000186
db:CNNVDid:CNNVD-201512-198
db:NVDid:CVE-2015-7781

LAST UPDATE DATE
2024-11-23T22:13:00.517000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-85742date:2017-06-30T00:00:00
db:BIDid:78213date:2015-11-27T00:00:00
db:JVNDBid:JVNDB-2015-000186date:2018-01-24T00:00:00
db:CNNVDid:CNNVD-201512-198date:2017-06-28T00:00:00
db:NVDid:CVE-2015-7781date:2024-11-21T02:37:23.583

SOURCES RELEASE DATE
db:VULHUBid:VHN-85742date:2017-06-27T00:00:00
db:BIDid:78213date:2015-11-27T00:00:00
db:JVNDBid:JVNDB-2015-000186date:2015-11-27T00:00:00
db:CNNVDid:CNNVD-201512-198date:2015-11-27T00:00:00
db:NVDid:CVE-2015-7781date:2017-06-27T20:29:00.667