Sign-up

ID

VAR-201501-0222


CVE

CVE-2015-0588


TITLE

Cisco Unified Communications Domain Manager Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2015-001051

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055. Vendors have confirmed this vulnerability Bug ID CSCuo77055 It is released as.A third party may be able to hijack the authentication of any user. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuo77055. This component features scalable, distributed, and highly available enterprise Voice over IP call processing

Trust: 1.98

sources: NVD: CVE-2015-0588 // JVNDB: JVNDB-2015-001051 // BID: 72082 // VULHUB: VHN-78534

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications domain managerscope:eqversion:10.0

Trust: 1.6

vendor:ciscomodel:unified communications domain manager platform softwarescope:eqversion:10

Trust: 0.8

sources: JVNDB: JVNDB-2015-001051 // CNNVD: CNNVD-201501-342 // NVD: CVE-2015-0588

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0588
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0588
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201501-342
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78534
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0588
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78534
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78534 // JVNDB: JVNDB-2015-001051 // CNNVD: CNNVD-201501-342 // NVD: CVE-2015-0588

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-78534 // JVNDB: JVNDB-2015-001051 // NVD: CVE-2015-0588

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-342

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201501-342

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001051

PATCH
title:Cisco Unified Communications Domain Manager Cross-Site Request Forgery Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0588
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-001051

EXTERNAL IDS
db:NVDid:CVE-2015-0588
Trust: 2.8
db:BIDid:72082
Trust: 1.4
db:SECUNIAid:62352
Trust: 1.1
db:SECTRACKid:1031559
Trust: 1.1
db:JVNDBid:JVNDB-2015-001051
Trust: 0.8
db:CNNVDid:CNNVD-201501-342
Trust: 0.7
db:VULHUBid:VHN-78534
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78534 // 
            
            
            
            BID: 72082 // 
            
            
            
            JVNDB: JVNDB-2015-001051 // 
            
            
            
            CNNVD: CNNVD-201501-342 // 
            
            
            
            NVD: CVE-2015-0588

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0588
Trust: 1.7
url:http://www.securityfocus.com/bid/72082
Trust: 1.1
url:http://www.securitytracker.com/id/1031559
Trust: 1.1
url:http://secunia.com/advisories/62352
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100657
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0588
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0588
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78534 // 
            
            
            
            BID: 72082 // 
            
            
            
            JVNDB: JVNDB-2015-001051 // 
            
            
            
            CNNVD: CNNVD-201501-342 // 
            
            
            
            NVD: CVE-2015-0588

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 72082

SOURCES
db:VULHUBid:VHN-78534
db:BIDid:72082
db:JVNDBid:JVNDB-2015-001051
db:CNNVDid:CNNVD-201501-342
db:NVDid:CVE-2015-0588

LAST UPDATE DATE
2025-04-13T23:42:05.317000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78534date:2017-09-08T00:00:00
db:BIDid:72082date:2015-02-04T00:03:00
db:JVNDBid:JVNDB-2015-001051date:2015-01-20T00:00:00
db:CNNVDid:CNNVD-201501-342date:2015-01-16T00:00:00
db:NVDid:CVE-2015-0588date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-78534date:2015-01-15T00:00:00
db:BIDid:72082date:2015-01-15T00:00:00
db:JVNDBid:JVNDB-2015-001051date:2015-01-20T00:00:00
db:CNNVDid:CNNVD-201501-342date:2015-01-16T00:00:00
db:NVDid:CVE-2015-0588date:2015-01-15T22:59:05.460