Details of VAR-201506-0171

ID

VAR-201506-0171

CVE

CVE-2015-0759

TITLE

Cisco Headend Digital Broadband Delivery System Cross-Site Request Forgery Vulnerability

Trust: 1.5

sources: CNVD: CNVD-2015-03576 // BID: 74932 // CNNVD: CNNVD-201506-029

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digital Broadband Delivery System allows remote attackers to hijack the authentication of arbitrary users. The system provides content protection, video on demand, and dbd backup and recovery. A remote attacker could exploit this vulnerability to perform unauthorized operations. Other attacks are also possible

Trust: 2.52

sources: NVD: CVE-2015-0759 // JVNDB: JVNDB-2015-002916 // CNVD: CNVD-2015-03576 // BID: 74932 // VULHUB: VHN-78705

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-03576

AFFECTED PRODUCTS

vendor:	cisco	model:	headend digital broadband delivery system	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	headend digital broadband delivery system	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	headend digital broadband delivery system	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2015-03576 // BID: 74932 // JVNDB: JVNDB-2015-002916 // CNNVD: CNNVD-201506-029 // NVD: CVE-2015-0759

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0759
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0759
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-03576
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201506-029
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78705
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0759
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-03576
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-78705
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-03576 // VULHUB: VHN-78705 // JVNDB: JVNDB-2015-002916 // CNNVD: CNNVD-201506-029 // NVD: CVE-2015-0759

PROBLEMTYPE DATA

problemtype:	CWE-352	Trust: 1.9
problemtype:	CWE-20	Trust: 1.1

sources: VULHUB: VHN-78705 // JVNDB: JVNDB-2015-002916 // NVD: CVE-2015-0759

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-029

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201506-029

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002916

PATCH

title:

39133

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=39133

Trust: 0.8

sources: JVNDB: JVNDB-2015-002916

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0759	Trust: 3.4
db:	SECTRACK	id:	1032446	Trust: 1.1
db:	BID	id:	74932	Trust: 1.0
db:	JVNDB	id:	JVNDB-2015-002916	Trust: 0.8
db:	CNNVD	id:	CNNVD-201506-029	Trust: 0.7
db:	CNVD	id:	CNVD-2015-03576	Trust: 0.6
db:	VULHUB	id:	VHN-78705	Trust: 0.1

sources: CNVD: CNVD-2015-03576 // VULHUB: VHN-78705 // BID: 74932 // JVNDB: JVNDB-2015-002916 // CNNVD: CNNVD-201506-029 // NVD: CVE-2015-0759

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39133	Trust: 2.6
url:	http://www.securitytracker.com/id/1032446	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0759	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0759	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-03576 // VULHUB: VHN-78705 // BID: 74932 // JVNDB: JVNDB-2015-002916 // CNNVD: CNNVD-201506-029 // NVD: CVE-2015-0759

CREDITS

Cisco

Trust: 0.3

sources: BID: 74932

SOURCES

db:	CNVD	id:	CNVD-2015-03576
db:	VULHUB	id:	VHN-78705
db:	BID	id:	74932
db:	JVNDB	id:	JVNDB-2015-002916
db:	CNNVD	id:	CNNVD-201506-029
db:	NVD	id:	CVE-2015-0759

LAST UPDATE DATE

2025-04-13T23:25:13.984000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-03576	date:	2015-06-04T00:00:00
db:	VULHUB	id:	VHN-78705	date:	2017-01-04T00:00:00
db:	BID	id:	74932	date:	2015-06-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-002916	date:	2015-06-04T00:00:00
db:	CNNVD	id:	CNNVD-201506-029	date:	2015-06-03T00:00:00
db:	NVD	id:	CVE-2015-0759	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-03576	date:	2015-06-04T00:00:00
db:	VULHUB	id:	VHN-78705	date:	2015-06-02T00:00:00
db:	BID	id:	74932	date:	2015-06-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-002916	date:	2015-06-04T00:00:00
db:	CNNVD	id:	CNNVD-201506-029	date:	2015-06-03T00:00:00
db:	NVD	id:	CVE-2015-0759	date:	2015-06-02T14:59:02.927