Sign-up

ID

VAR-201505-0200


CVE

CVE-2015-0758


TITLE

Cisco Unified MeetingPlace of Web Vulnerability to read arbitrary files in the base user interface

Trust: 0.8

sources: JVNDB: JVNDB-2015-002866

DESCRIPTION

The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCus97452. This case XML External entity (XXE) Vulnerability related to the problem. Cisco Unified MeetingPlace is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. This issue is being tracked by Cisco bug ID CSCus97452. This solution provides a user environment that integrates voice, video and Web conferencing

Trust: 1.98

sources: NVD: CVE-2015-0758 // JVNDB: JVNDB-2015-002866 // BID: 74922 // VULHUB: VHN-78704

AFFECTED PRODUCTS

vendor:ciscomodel:unified meetingplacescope:eqversion:8.6\(1.9\)

Trust: 1.6

vendor:ciscomodel:unified meetingplacescope:eqversion:8.6(1.9)

Trust: 1.1

sources: BID: 74922 // JVNDB: JVNDB-2015-002866 // CNNVD: CNNVD-201505-599 // NVD: CVE-2015-0758

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0758
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0758
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201505-599
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78704
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0758
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78704
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78704 // JVNDB: JVNDB-2015-002866 // CNNVD: CNNVD-201505-599 // NVD: CVE-2015-0758

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-78704 // JVNDB: JVNDB-2015-002866 // NVD: CVE-2015-0758

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-599

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201505-599

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002866

PATCH
title:39130url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39130
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-002866

EXTERNAL IDS
db:NVDid:CVE-2015-0758
Trust: 2.8
db:SECTRACKid:1032448
Trust: 1.1
db:JVNDBid:JVNDB-2015-002866
Trust: 0.8
db:CNNVDid:CNNVD-201505-599
Trust: 0.7
db:BIDid:74922
Trust: 0.4
db:VULHUBid:VHN-78704
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78704 // 
            
            
            
            BID: 74922 // 
            
            
            
            JVNDB: JVNDB-2015-002866 // 
            
            
            
            CNNVD: CNNVD-201505-599 // 
            
            
            
            NVD: CVE-2015-0758

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39130
Trust: 2.0
url:http://www.securitytracker.com/id/1032448
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0758
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0758
Trust: 0.8
url:http://www.cisco.com/en/us/products/sw/ps5664/ps5669/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78704 // 
            
            
            
            BID: 74922 // 
            
            
            
            JVNDB: JVNDB-2015-002866 // 
            
            
            
            CNNVD: CNNVD-201505-599 // 
            
            
            
            NVD: CVE-2015-0758

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 74922

SOURCES
db:VULHUBid:VHN-78704
db:BIDid:74922
db:JVNDBid:JVNDB-2015-002866
db:CNNVDid:CNNVD-201505-599
db:NVDid:CVE-2015-0758

LAST UPDATE DATE
2025-04-13T23:36:28.008000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78704date:2017-01-04T00:00:00
db:BIDid:74922date:2015-06-01T00:00:00
db:JVNDBid:JVNDB-2015-002866date:2015-06-03T00:00:00
db:CNNVDid:CNNVD-201505-599date:2015-06-05T00:00:00
db:NVDid:CVE-2015-0758date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-78704date:2015-05-30T00:00:00
db:BIDid:74922date:2015-06-01T00:00:00
db:JVNDBid:JVNDB-2015-002866date:2015-06-03T00:00:00
db:CNNVDid:CNNVD-201505-599date:2015-05-30T00:00:00
db:NVDid:CVE-2015-0758date:2015-05-30T14:59:05.660