Details of VAR-201507-0366

ID

VAR-201507-0366

CVE

CVE-2015-4196

TITLE

Cisco Unified Communications Domain Manager Platform software in root Vulnerability for which access rights are acquired

Trust: 0.8

sources: JVNDB: JVNDB-2015-003464

DESCRIPTION

Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546. An attacker can leverage this issue to gain unauthorized access to an affected system with the privileges of the root user. A successful exploit could result in a complete system compromise. This issue is being tracked by Cisco Bug ID CSCuq45546. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. There is a security vulnerability in Cisco UCDM 8.x versions of Platform Software prior to version 4.4.5

Trust: 1.98

sources: NVD: CVE-2015-4196 // JVNDB: JVNDB-2015-003464 // BID: 75514 // VULHUB: VHN-82157

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	4.4.2	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	4.4.4	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	4.4.1	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	4.4.3	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.x	Trust: 0.8
vendor:	cisco	model:	unified communications domain manager platform software	scope:	lt	version:	4.4.5	Trust: 0.8
vendor:	cisco	model:	unified communications domain manager platform	scope:	eq	version:	4.4.4	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager platform	scope:	eq	version:	4.4.3	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager platform	scope:	eq	version:	4.4.2	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager platform	scope:	eq	version:	4.4.1	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager platform	scope:	ne	version:	4.4.5	Trust: 0.3

sources: BID: 75514 // JVNDB: JVNDB-2015-003464 // CNNVD: CNNVD-201507-097 // NVD: CVE-2015-4196

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4196
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-4196
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201507-097
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-82157
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-4196
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-82157
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-82157 // JVNDB: JVNDB-2015-003464 // CNNVD: CNNVD-201507-097 // NVD: CVE-2015-4196

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.9

sources: VULHUB: VHN-82157 // JVNDB: JVNDB-2015-003464 // NVD: CVE-2015-4196

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-097

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201507-097

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003464

PATCH

title:	cisco-sa-20150701-cucdm	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150701-cucdm	Trust: 0.8
title:	39512	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=39512	Trust: 0.8
title:	cisco-sa-20150701-cucdm	url:	http://www.cisco.com/cisco/web/support/JP/113/1130/1130083_cisco-sa-20150701-cucdm-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2015-003464

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4196	Trust: 2.8
db:	SECTRACK	id:	1032774	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-003464	Trust: 0.8
db:	CNNVD	id:	CNNVD-201507-097	Trust: 0.7
db:	BID	id:	75514	Trust: 0.4
db:	VULHUB	id:	VHN-82157	Trust: 0.1

sources: VULHUB: VHN-82157 // BID: 75514 // JVNDB: JVNDB-2015-003464 // CNNVD: CNNVD-201507-097 // NVD: CVE-2015-4196

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150701-cucdm	Trust: 2.0
url:	http://www.securitytracker.com/id/1032774	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4196	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4196	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39512	Trust: 0.3

sources: VULHUB: VHN-82157 // BID: 75514 // JVNDB: JVNDB-2015-003464 // CNNVD: CNNVD-201507-097 // NVD: CVE-2015-4196

CREDITS

Cisco

Trust: 0.3

sources: BID: 75514

SOURCES

db:	VULHUB	id:	VHN-82157
db:	BID	id:	75514
db:	JVNDB	id:	JVNDB-2015-003464
db:	CNNVD	id:	CNNVD-201507-097
db:	NVD	id:	CVE-2015-4196

LAST UPDATE DATE

2025-04-13T23:04:08.936000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-82157	date:	2016-12-28T00:00:00
db:	BID	id:	75514	date:	2015-07-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-003464	date:	2015-07-10T00:00:00
db:	CNNVD	id:	CNNVD-201507-097	date:	2015-07-07T00:00:00
db:	NVD	id:	CVE-2015-4196	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-82157	date:	2015-07-04T00:00:00
db:	BID	id:	75514	date:	2015-07-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-003464	date:	2015-07-10T00:00:00
db:	CNNVD	id:	CNNVD-201507-097	date:	2015-07-07T00:00:00
db:	NVD	id:	CVE-2015-4196	date:	2015-07-04T10:59:02.217