Sign-up

ID

VAR-201910-0952


CVE

CVE-2019-15272


TITLE

Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition In HTTP Request smuggling vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010327

DESCRIPTION

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to gain unauthorized access to the system

Trust: 1.71

sources: NVD: CVE-2019-15272 // JVNDB: JVNDB-2019-010327 // VULHUB: VHN-147302

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications managerscope:eqversion:12.0\(1.10000.10\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:10.5\(2.10000.5\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:11.5\(1.10000.6\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:12.5\(1.10000.22\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified communications managerscope:eqversion:10.52.10000.5

Trust: 0.6

vendor:ciscomodel:unified communications managerscope:eqversion:11.51.10000.6

Trust: 0.6

vendor:ciscomodel:unified communications managerscope:eqversion:12.01.10000.10

Trust: 0.6

vendor:ciscomodel:unified communications managerscope:eqversion:12.51.10000.22

Trust: 0.6

sources: JVNDB: JVNDB-2019-010327 // CNNVD: CNNVD-201910-078 // NVD: CVE-2019-15272

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15272
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15272
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15272
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201910-078
value: MEDIUM

Trust: 0.6

VULHUB: VHN-147302
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-15272
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-147302
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-15272
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-15272
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-147302 // JVNDB: JVNDB-2019-010327 // CNNVD: CNNVD-201910-078 // NVD: CVE-2019-15272 // NVD: CVE-2019-15272

PROBLEMTYPE DATA

problemtype:CWE-444

Trust: 1.9

problemtype:CWE-264

Trust: 1.0

sources: VULHUB: VHN-147302 // JVNDB: JVNDB-2019-010327 // NVD: CVE-2019-15272

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-078

TYPE

environmental issue

Trust: 0.6

sources: CNNVD: CNNVD-201910-078

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010327

PATCH
title:cisco-sa-20191002-ucm-secbypassurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ucm-secbypass
Trust: 0.8
title:Cisco Unified Communications Manager  and Cisco Unified Communications Manager Session Management Edition Fixes for permissions and access control issues vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98814
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-010327 // 
            
            
            
            CNNVD: CNNVD-201910-078

EXTERNAL IDS
db:NVDid:CVE-2019-15272
Trust: 2.5
db:JVNDBid:JVNDB-2019-010327
Trust: 0.8
db:AUSCERTid:ESB-2019.3700
Trust: 0.6
db:AUSCERTid:ESB-2019.3700.2
Trust: 0.6
db:CNNVDid:CNNVD-201910-078
Trust: 0.6
db:VULHUBid:VHN-147302
Trust: 0.1
sources:
            
            
            VULHUB: VHN-147302 // 
            
            
            
            JVNDB: JVNDB-2019-010327 // 
            
            
            
            CNNVD: CNNVD-201910-078 // 
            
            
            
            NVD: CVE-2019-15272

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-ucm-secbypass
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-15272
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15272
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-cuc-xss
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-cucm-csrf
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-cucm-xxe
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-cuc-inject
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-cucm-xss-12716
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-cucm-xss-12715
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-unified-communications-manager-privilege-escalation-via-http-methods-30519
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3700/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3700.2/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-147302 // 
            
            
            
            JVNDB: JVNDB-2019-010327 // 
            
            
            
            CNNVD: CNNVD-201910-078 // 
            
            
            
            NVD: CVE-2019-15272

SOURCES
db:VULHUBid:VHN-147302
db:JVNDBid:JVNDB-2019-010327
db:CNNVDid:CNNVD-201910-078
db:NVDid:CVE-2019-15272

LAST UPDATE DATE
2024-08-14T13:25:38.220000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-147302date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-010327date:2019-10-11T00:00:00
db:CNNVDid:CNNVD-201910-078date:2019-10-24T00:00:00
db:NVDid:CVE-2019-15272date:2019-10-09T23:46:54.267

SOURCES RELEASE DATE
db:VULHUBid:VHN-147302date:2019-10-02T00:00:00
db:JVNDBid:JVNDB-2019-010327date:2019-10-11T00:00:00
db:CNNVDid:CNNVD-201910-078date:2019-10-02T00:00:00
db:NVDid:CVE-2019-15272date:2019-10-02T19:15:15.343