Details of VAR-201504-0280

ID

VAR-201504-0280

CVE

CVE-2015-0700

TITLE

Cisco Secure Access Control Server Solution Engine of monitoring-and-report Section Dashboard Page cross-site request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002383

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924. Vendors have confirmed this vulnerability Bug ID CSCuj62924 It is released as.A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuj62924. This solution provides functions such as centralized management of access types, devices, and user groups for accessing network resources

Trust: 1.98

sources: NVD: CVE-2015-0700 // JVNDB: JVNDB-2015-002383 // BID: 74189 // VULHUB: VHN-78646

AFFECTED PRODUCTS

vendor:	cisco	model:	secure access control server solution engine	scope:	eq	version:	5.5.0.36	Trust: 1.6
vendor:	cisco	model:	secure access control server solution engine	scope:	eq	version:	5.4.0.46.6	Trust: 1.6
vendor:	cisco	model:	secure access control server solution engine	scope:	eq	version:	5.5.0.46.4	Trust: 1.6
vendor:	cisco	model:	secure access control server solution engine	scope:	lt	version:	5.5(0.46.5)	Trust: 0.8
vendor:	cisco	model:	secure access control server solution engine	scope:	eq	version:	5.5(0.46.4)	Trust: 0.3
vendor:	cisco	model:	secure access control server solution engine	scope:	eq	version:	5.5(0.36)	Trust: 0.3
vendor:	cisco	model:	secure access control server solution engine	scope:	eq	version:	5.4(0.46.6)	Trust: 0.3
vendor:	cisco	model:	secure access control server solution engine	scope:	ne	version:	5.5(0.46.5)	Trust: 0.3

sources: BID: 74189 // JVNDB: JVNDB-2015-002383 // CNNVD: CNNVD-201504-377 // NVD: CVE-2015-0700

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0700
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0700
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201504-377
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78646
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0700
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78646
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78646 // JVNDB: JVNDB-2015-002383 // CNNVD: CNNVD-201504-377 // NVD: CVE-2015-0700

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-78646 // JVNDB: JVNDB-2015-002383 // NVD: CVE-2015-0700

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-377

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201504-377

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002383

PATCH

title:

38403

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=38403

Trust: 0.8

sources: JVNDB: JVNDB-2015-002383

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0700	Trust: 2.8
db:	SECTRACK	id:	1032163	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-002383	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-377	Trust: 0.7
db:	BID	id:	74189	Trust: 0.4
db:	VULHUB	id:	VHN-78646	Trust: 0.1

sources: VULHUB: VHN-78646 // BID: 74189 // JVNDB: JVNDB-2015-002383 // CNNVD: CNNVD-201504-377 // NVD: CVE-2015-0700

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=38403	Trust: 1.7
url:	http://www.securitytracker.com/id/1032163	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0700	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0700	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	tools.cisco.com/security/center/viewalert.x?alertid=38403	Trust: 0.3
url:	http://www.cisco.com/c/en/us/products/security/secure-access-control-server-solution-engine/index.html	Trust: 0.3

sources: VULHUB: VHN-78646 // BID: 74189 // JVNDB: JVNDB-2015-002383 // CNNVD: CNNVD-201504-377 // NVD: CVE-2015-0700

CREDITS

Cisco

Trust: 0.3

sources: BID: 74189

SOURCES

db:	VULHUB	id:	VHN-78646
db:	BID	id:	74189
db:	JVNDB	id:	JVNDB-2015-002383
db:	CNNVD	id:	CNNVD-201504-377
db:	NVD	id:	CVE-2015-0700

LAST UPDATE DATE

2025-04-12T23:15:46.450000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78646	date:	2017-01-06T00:00:00
db:	BID	id:	74189	date:	2015-04-16T00:00:00
db:	JVNDB	id:	JVNDB-2015-002383	date:	2015-04-21T00:00:00
db:	CNNVD	id:	CNNVD-201504-377	date:	2015-04-17T00:00:00
db:	NVD	id:	CVE-2015-0700	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78646	date:	2015-04-17T00:00:00
db:	BID	id:	74189	date:	2015-04-16T00:00:00
db:	JVNDB	id:	JVNDB-2015-002383	date:	2015-04-21T00:00:00
db:	CNNVD	id:	CNNVD-201504-377	date:	2015-04-17T00:00:00
db:	NVD	id:	CVE-2015-0700	date:	2015-04-17T01:59:27.030