ID

VAR-201910-0952


CVE

CVE-2019-15272


TITLE

HTTP Request Smuggling Vulnerability in Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition

Trust: 0.8

sources: JVNDB: JVNDB-2019-010327

DESCRIPTION

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to gain unauthorized access to the system.

Trust: 1.71

sources: NVD: CVE-2019-15272 // JVNDB: JVNDB-2019-010327 // VULHUB: VHN-147302

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: eq, version: 12.0(1.10000.10)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2.10000.5)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5(1.10000.6)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 12.5(1.10000.22)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: eq, version: 10.52.10000.5

Trust: 0.6

vendor: cisco, model: unified communications manager, scope: eq, version: 11.51.10000.6

Trust: 0.6

vendor: cisco, model: unified communications manager, scope: eq, version: 12.01.10000.10

Trust: 0.6

vendor: cisco, model: unified communications manager, scope: eq, version: 12.51.10000.22

Trust: 0.6

sources: JVNDB: JVNDB-2019-010327 // CNNVD: CNNVD-201910-078 // NVD: CVE-2019-15272

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15272
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15272
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15272
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201910-078
value: MEDIUM

Trust: 0.6

VULHUB: VHN-147302
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-15272
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-147302
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-15272
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-15272
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-147302 // JVNDB: JVNDB-2019-010327 // CNNVD: CNNVD-201910-078 // NVD: CVE-2019-15272 // NVD: CVE-2019-15272

PROBLEMTYPE DATA

problemtype:CWE-444

Trust: 1.9

problemtype:CWE-264

Trust: 1.0

sources: VULHUB: VHN-147302 // JVNDB: JVNDB-2019-010327 // NVD: CVE-2019-15272

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-078

TYPE

environmental issue

Trust: 0.6

sources: CNNVD: CNNVD-201910-078

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010327

PATCH

title: cisco-sa-20191002-ucm-secbypass, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ucm-secbypass

Trust: 0.8

title: Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition Fixes for permissions and access control issues vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98814

Trust: 0.6

sources: JVNDB: JVNDB-2019-010327 // CNNVD: CNNVD-201910-078

EXTERNAL IDS

db: NVD, id: CVE-2019-15272

Trust: 2.5

db: JVNDB, id: JVNDB-2019-010327

Trust: 0.8

db: AUSCERT, id: ESB-2019.3700

Trust: 0.6

db: AUSCERT, id: ESB-2019.3700.2

Trust: 0.6

db: CNNVD, id: CNNVD-201910-078

Trust: 0.6

db: VULHUB, id: VHN-147302

Trust: 0.1

sources: VULHUB: VHN-147302 // JVNDB: JVNDB-2019-010327 // CNNVD: CNNVD-201910-078 // NVD: CVE-2019-15272

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-ucm-secbypass

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-15272

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15272

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-cuc-xss

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-cucm-csrf

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-cucm-xxe

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-cuc-inject

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-cucm-xss-12716

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-cucm-xss-12715

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-unified-communications-manager-privilege-escalation-via-http-methods-30519

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3700/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3700.2/

Trust: 0.6

sources: VULHUB: VHN-147302 // JVNDB: JVNDB-2019-010327 // CNNVD: CNNVD-201910-078 // NVD: CVE-2019-15272

SOURCES

db: VULHUB, id: VHN-147302
db: JVNDB, id: JVNDB-2019-010327
db: CNNVD, id: CNNVD-201910-078
db: NVD, id: CVE-2019-15272

LAST UPDATE DATE

2024-08-14T13:25:38.220000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-147302, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-010327, date: 2019-10-11T00:00:00
db: CNNVD, id: CNNVD-201910-078, date: 2019-10-24T00:00:00
db: NVD, id: CVE-2019-15272, date: 2019-10-09T23:46:54.267

SOURCES RELEASE DATE

db: VULHUB, id: VHN-147302, date: 2019-10-02T00:00:00
db: JVNDB, id: JVNDB-2019-010327, date: 2019-10-11T00:00:00
db: CNNVD, id: CNNVD-201910-078, date: 2019-10-02T00:00:00
db: NVD, id: CVE-2019-15272, date: 2019-10-02T19:15:15.343