Sign-up

ID

VAR-201502-0172


CVE

CVE-2015-0651


TITLE

Cisco 4710 ACE Runs on the appliance Cisco ANM and Device Manager Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2015-001637

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753. Vendors have confirmed this vulnerability Bug ID CSCuo99753 It is released as.A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID's CSCuo99753 and CSCul84792

Trust: 1.98

sources: NVD: CVE-2015-0651 // JVNDB: JVNDB-2015-001637 // BID: 72796 // VULHUB: VHN-78597

AFFECTED PRODUCTS

vendor:ciscomodel:application networking managerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:application networking managerscope:lteversion:15.2.5

Trust: 0.8

vendor:ciscomodel:application networking manager update ascope:eqversion:2.0

Trust: 0.3

vendor:ciscomodel:application networking managerscope:eqversion:2.0

Trust: 0.3

vendor:ciscomodel:application networking managerscope:eqversion:1.2

Trust: 0.3

vendor:ciscomodel:application networking managerscope:eqversion:5.2.5

Trust: 0.3

vendor:ciscomodel:application networking managerscope:eqversion:5.2.4

Trust: 0.3

vendor:ciscomodel:application networking managerscope:eqversion:5.2.3

Trust: 0.3

vendor:ciscomodel:application networking managerscope:eqversion:5.2.2

Trust: 0.3

vendor:ciscomodel:application networking managerscope:eqversion:5.2.1

Trust: 0.3

vendor:ciscomodel:application networking managerscope:eqversion:5.2

Trust: 0.3

vendor:ciscomodel:application networking managerscope:eqversion:5.1

Trust: 0.3

vendor:ciscomodel:application networking managerscope:eqversion:4.3

Trust: 0.3

vendor:ciscomodel:application networking managerscope:eqversion:4.2

Trust: 0.3

vendor:ciscomodel:application networking managerscope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:application networking managerscope:eqversion:3.2

Trust: 0.3

vendor:ciscomodel:application networking managerscope:eqversion:3.1

Trust: 0.3

vendor:ciscomodel:application networking managerscope:eqversion:3.0

Trust: 0.3

vendor:ciscomodel:application networking manager update fscope:eqversion:1.2

Trust: 0.3

vendor:ciscomodel:application networking manager update escope:eqversion:1.2

Trust: 0.3

vendor:ciscomodel:ace series application control engine appliances a5scope:eqversion:47003.0

Trust: 0.3

sources: BID: 72796 // JVNDB: JVNDB-2015-001637 // CNNVD: CNNVD-201502-461 // NVD: CVE-2015-0651

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0651
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0651
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201502-461
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78597
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0651
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78597
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78597 // JVNDB: JVNDB-2015-001637 // CNNVD: CNNVD-201502-461 // NVD: CVE-2015-0651

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-78597 // JVNDB: JVNDB-2015-001637 // NVD: CVE-2015-0651

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-461

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201502-461

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001637

PATCH
title:Cisco ACE 4710 Application Control Engine and Application Networking Manager Cross-Site Request Forgery Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0651
Trust: 0.8
title:37633url:http://tools.cisco.com/security/center/viewAlert.x?alertId=37633
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-001637

EXTERNAL IDS
db:NVDid:CVE-2015-0651
Trust: 2.8
db:BIDid:72796
Trust: 1.4
db:SECTRACKid:1031815
Trust: 1.1
db:JVNDBid:JVNDB-2015-001637
Trust: 0.8
db:CNNVDid:CNNVD-201502-461
Trust: 0.7
db:VULHUBid:VHN-78597
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78597 // 
            
            
            
            BID: 72796 // 
            
            
            
            JVNDB: JVNDB-2015-001637 // 
            
            
            
            CNNVD: CNNVD-201502-461 // 
            
            
            
            NVD: CVE-2015-0651

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0651
Trust: 2.0
url:http://www.securityfocus.com/bid/72796
Trust: 1.1
url:http://www.securitytracker.com/id/1031815
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0651
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0651
Trust: 0.8
url:http://tools.cisco.com/security/center/viewalert.x?alertid=37633
Trust: 0.3
url:http://www.cisco.com/c/en/us/products/application-networking-services/application-networking-manager/index.html
Trust: 0.3
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78597 // 
            
            
            
            BID: 72796 // 
            
            
            
            JVNDB: JVNDB-2015-001637 // 
            
            
            
            CNNVD: CNNVD-201502-461 // 
            
            
            
            NVD: CVE-2015-0651

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 72796

SOURCES
db:VULHUBid:VHN-78597
db:BIDid:72796
db:JVNDBid:JVNDB-2015-001637
db:CNNVDid:CNNVD-201502-461
db:NVDid:CVE-2015-0651

LAST UPDATE DATE
2025-04-13T23:25:19.543000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78597date:2015-11-02T00:00:00
db:BIDid:72796date:2015-11-03T19:10:00
db:JVNDBid:JVNDB-2015-001637date:2015-03-02T00:00:00
db:CNNVDid:CNNVD-201502-461date:2015-03-02T00:00:00
db:NVDid:CVE-2015-0651date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-78597date:2015-02-27T00:00:00
db:BIDid:72796date:2015-02-26T00:00:00
db:JVNDBid:JVNDB-2015-001637date:2015-03-02T00:00:00
db:CNNVDid:CNNVD-201502-461date:2015-02-26T00:00:00
db:NVDid:CVE-2015-0651date:2015-02-27T02:59:34.167