Details of VAR-201504-0277

ID

VAR-201504-0277

CVE

CVE-2015-0697

TITLE

Cisco TelePresence Collaboration Desk and Room Endpoints Runs on the device Cisco TC Software login page open redirect vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002290

DESCRIPTION

Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuq94980. Vendors have confirmed this vulnerability Bug ID CSCuq94980 It is released as. Supplementary information : CWE Vulnerability type by CWE-601: URL Redirection to Untrusted Site ( Open redirect ) Has been identified. http://cwe.mitre.org/data/definitions/601.htmlAny user by a third party Web You may be redirected to a site and run a phishing attack. An attacker can leverage this issue to conduct phishing attacks; other attacks are possible. Cisco TelePresence is a set of video conferencing solutions called "TelePresence" system of Cisco (Cisco)

Trust: 1.98

sources: NVD: CVE-2015-0697 // JVNDB: JVNDB-2015-002290 // BID: 74154 // VULHUB: VHN-78643

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	6.1.2	Trust: 1.9
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	6.1.1	Trust: 1.9
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	6.0.0	Trust: 1.9
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	6.1.2-cucm	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	6.1.0-cucm	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	6.0.0-cucm	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	6.1.0	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	6.3_base	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	6.1.1-cucm	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	7.2_base	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	6.0.2	Trust: 1.3
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	6.0.1	Trust: 1.3
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	6.0.1-cucm	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	6.0_base	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	6.1_base	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	7.3.0	Trust: 0.8
vendor:	cisco	model:	telepresence	scope:	eq	version:	collaboration room endpoints	Trust: 0.8
vendor:	cisco	model:	telepresence	scope:	eq	version:	collaboration desk	Trust: 0.8
vendor:	cisco	model:	telepresence tc software	scope:	lt	version:	7.x	Trust: 0.8
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	7.2	Trust: 0.3
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	6.3	Trust: 0.3
vendor:	cisco	model:	telepresence tc software 6.1.2-cucm	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence tc software 6.1.1-cucm	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence tc software 6.1.0-cucm	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence tc software 6.0.1-cucm	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence tc software 6.0.0-cucm	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	collaboration room endpoints	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	collaboration desk endpoints	scope:	eq	version:	0	Trust: 0.3

sources: BID: 74154 // JVNDB: JVNDB-2015-002290 // CNNVD: CNNVD-201504-275 // NVD: CVE-2015-0697

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0697
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0697
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201504-275
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78643
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0697
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78643
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78643 // JVNDB: JVNDB-2015-002290 // CNNVD: CNNVD-201504-275 // NVD: CVE-2015-0697

PROBLEMTYPE DATA

problemtype:	CWE-601	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-78643 // JVNDB: JVNDB-2015-002290 // NVD: CVE-2015-0697

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-275

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201504-275

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002290

PATCH

title:

38350

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=38350

Trust: 0.8

sources: JVNDB: JVNDB-2015-002290

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0697	Trust: 2.8
db:	SECTRACK	id:	1032136	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-002290	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-275	Trust: 0.7
db:	BID	id:	74154	Trust: 0.4
db:	VULHUB	id:	VHN-78643	Trust: 0.1

sources: VULHUB: VHN-78643 // BID: 74154 // JVNDB: JVNDB-2015-002290 // CNNVD: CNNVD-201504-275 // NVD: CVE-2015-0697

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=38350	Trust: 2.0
url:	http://www.securitytracker.com/id/1032136	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0697	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0697	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/c/en/us/products/collaboration-endpoints/smart-desk-endpoints/index.html	Trust: 0.3
url:	http://www.cisco.com/c/en/us/products/collaboration-endpoints/collaboration-room-endpoints/index.html	Trust: 0.3

sources: VULHUB: VHN-78643 // BID: 74154 // JVNDB: JVNDB-2015-002290 // CNNVD: CNNVD-201504-275 // NVD: CVE-2015-0697

CREDITS

Cisco

Trust: 0.3

sources: BID: 74154

SOURCES

db:	VULHUB	id:	VHN-78643
db:	BID	id:	74154
db:	JVNDB	id:	JVNDB-2015-002290
db:	CNNVD	id:	CNNVD-201504-275
db:	NVD	id:	CVE-2015-0697

LAST UPDATE DATE

2025-04-13T23:23:45.796000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78643	date:	2017-01-06T00:00:00
db:	BID	id:	74154	date:	2015-04-14T00:00:00
db:	JVNDB	id:	JVNDB-2015-002290	date:	2015-04-16T00:00:00
db:	CNNVD	id:	CNNVD-201504-275	date:	2015-04-16T00:00:00
db:	NVD	id:	CVE-2015-0697	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78643	date:	2015-04-15T00:00:00
db:	BID	id:	74154	date:	2015-04-14T00:00:00
db:	JVNDB	id:	JVNDB-2015-002290	date:	2015-04-16T00:00:00
db:	CNNVD	id:	CNNVD-201504-275	date:	2015-04-16T00:00:00
db:	NVD	id:	CVE-2015-0697	date:	2015-04-15T10:59:03.533