CVE-2015-0700

Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://tools.cisco.com/security/center/viewAlert.x?alertId=38403	Vendor Advisory
http://www.securitytracker.com/id/1032163	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:secure_access_control_server_solution_engine:5.4.0.46.6:::::::*
	cpe:2.3:a:cisco:secure_access_control_server_solution_engine:5.5.0.36:::::::*
	cpe:2.3:a:cisco:secure_access_control_server_solution_engine:5.5.0.46.4:::::::*

History

No history.

Information

Published : 2015-04-17 01:59

Updated : 2024-02-04 18:35

NVD link : CVE-2015-0700

Mitre link : CVE-2015-0700

CVE.ORG link : CVE-2015-0700

JSON object : View

Products Affected

cisco

secure_access_control_server_solution_engine

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2015-0700", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-04-17T01:59:27.030", "references": [{"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38403", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1032163", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924."}, {"lang": "es", "value": "Vulnerabilidad de CSRF en la p\u00e1gina Dashboard en la secci\u00f3n de monitorizaci\u00f3n y informes en Cisco Secure Access Control Server Solution Engine anterior a 5.5(0.46.5) permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios, tambi\u00e9n conocido como Bug ID CSCuj62924."}], "lastModified": "2017-01-06T16:06:04.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:secure_access_control_server_solution_engine:5.4.0.46.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4598CB4A-F2AD-4756-8733-B9B3E01694B1"}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_server_solution_engine:5.5.0.36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65EA548C-1AFB-427C-B408-40A53C5E85FA"}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_server_solution_engine:5.5.0.46.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2B47321-AAE2-424B-8721-2A4A710C7F60"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}