Details of VAR-201507-0501

ID

VAR-201507-0501

CVE

CVE-2015-4271

TITLE

Cisco TelePresence Integrator C Run on device TelePresence TC Vulnerabilities that bypass software authentication

Trust: 0.8

sources: JVNDB: JVNDB-2015-003852

DESCRIPTION

Cisco TelePresence TC before 7.3.4 on Integrator C devices allows remote attackers to bypass authentication via vectors involving multiple request parameters, aka Bug ID CSCuv00604. Vendors have confirmed this vulnerability Bug ID CSCuv00604 It is released as. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlA third party may bypass authentication due to problems with multiple request parameters. An attacker can exploit this issue to bypass the authentication mechanism on an affected device. This may lead to further attacks

Trust: 1.98

sources: NVD: CVE-2015-4271 // JVNDB: JVNDB-2015-003852 // BID: 75939 // VULHUB: VHN-82232

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	7.3.2	Trust: 1.9
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	7.3.1	Trust: 1.9
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	7.3.3	Trust: 1.9
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	7.3.0	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	lt	version:	7.3.4	Trust: 0.8
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	7.3	Trust: 0.3
vendor:	cisco	model:	telepresence integrator c series	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence tc software	scope:	ne	version:	7.3.4	Trust: 0.3

sources: BID: 75939 // JVNDB: JVNDB-2015-003852 // CNNVD: CNNVD-201507-475 // NVD: CVE-2015-4271

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4271
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-4271
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201507-475
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-82232
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-4271
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-82232
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-82232 // JVNDB: JVNDB-2015-003852 // CNNVD: CNNVD-201507-475 // NVD: CVE-2015-4271

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-82232 // JVNDB: JVNDB-2015-003852 // NVD: CVE-2015-4271

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-475

TYPE

Access Validation Error

Trust: 0.3

sources: BID: 75939

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003852

PATCH

title:

39880

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=39880

Trust: 0.8

sources: JVNDB: JVNDB-2015-003852

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4271	Trust: 2.8
db:	SECTRACK	id:	1032931	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-003852	Trust: 0.8
db:	CNNVD	id:	CNNVD-201507-475	Trust: 0.7
db:	BID	id:	75939	Trust: 0.4
db:	VULHUB	id:	VHN-82232	Trust: 0.1

sources: VULHUB: VHN-82232 // BID: 75939 // JVNDB: JVNDB-2015-003852 // CNNVD: CNNVD-201507-475 // NVD: CVE-2015-4271

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39880	Trust: 2.0
url:	http://www.securitytracker.com/id/1032931	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4271	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4271	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-82232 // BID: 75939 // JVNDB: JVNDB-2015-003852 // CNNVD: CNNVD-201507-475 // NVD: CVE-2015-4271

CREDITS

Cisco

Trust: 0.3

sources: BID: 75939

SOURCES

db:	VULHUB	id:	VHN-82232
db:	BID	id:	75939
db:	JVNDB	id:	JVNDB-2015-003852
db:	CNNVD	id:	CNNVD-201507-475
db:	NVD	id:	CVE-2015-4271

LAST UPDATE DATE

2025-04-13T23:14:31.103000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-82232	date:	2016-12-28T00:00:00
db:	BID	id:	75939	date:	2015-07-14T00:00:00
db:	JVNDB	id:	JVNDB-2015-003852	date:	2015-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201507-475	date:	2015-07-16T00:00:00
db:	NVD	id:	CVE-2015-4271	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-82232	date:	2015-07-15T00:00:00
db:	BID	id:	75939	date:	2015-07-14T00:00:00
db:	JVNDB	id:	JVNDB-2015-003852	date:	2015-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201507-475	date:	2015-07-16T00:00:00
db:	NVD	id:	CVE-2015-4271	date:	2015-07-15T18:59:00.960