ID

VAR-201507-0542


CVE

CVE-2015-4257


TITLE

Cisco TelePresence MCU 4500 Device Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-04445 // CNNVD: CNNVD-201507-303

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MCU 4500 devices with software 4.5(1.55) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90710. The vendor has released this vulnerability as Bug ID CSCuu90710. A third party may be able to hijack the authentication of any user. The Cisco TelePresence MCU 4500 is a multimedia conferencing bridge product. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuu90710.

Trust: 2.61

sources: NVD: CVE-2015-4257 // JVNDB: JVNDB-2015-003549 // CNVD: CNVD-2015-04445 // BID: 75681 // VULHUB: VHN-82218 // VULMON: CVE-2015-4257

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-04445

AFFECTED PRODUCTS

vendor: cisco, model: telepresence mcu software, scope: eq, version: 4.5\(1.55\)

Trust: 1.6

vendor: cisco, model: telepresence mcu software, scope: eq, version: 4.5(1.55)

Trust: 1.1

vendor: cisco, model: telepresence mcu, scope: eq, version: 45004.5(1.55)

Trust: 0.6

sources: CNVD: CNVD-2015-04445 // BID: 75681 // JVNDB: JVNDB-2015-003549 // CNNVD: CNNVD-201507-303 // NVD: CVE-2015-4257

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4257
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4257
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-04445
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201507-303
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82218
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-4257
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4257
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2015-04445
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-82218
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-04445 // VULHUB: VHN-82218 // VULMON: CVE-2015-4257 // JVNDB: JVNDB-2015-003549 // CNNVD: CNNVD-201507-303 // NVD: CVE-2015-4257

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-82218 // JVNDB: JVNDB-2015-003549 // NVD: CVE-2015-4257

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-303

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201507-303

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003549

PATCH

title: 39801, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=39801

Trust: 0.8

title: Cisco: Cisco TelePresence MCU 4500 Cross-Site Request Forgery Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20150709-CVE-2015-4257

Trust: 0.1

sources: VULMON: CVE-2015-4257 // JVNDB: JVNDB-2015-003549

EXTERNAL IDS

db: NVD, id: CVE-2015-4257

Trust: 3.5

db: SECTRACK, id: 1032838

Trust: 1.2

db: BID, id: 75681

Trust: 1.1

db: JVNDB, id: JVNDB-2015-003549

Trust: 0.8

db: CNNVD, id: CNNVD-201507-303

Trust: 0.7

db: CNVD, id: CNVD-2015-04445

Trust: 0.6

db: VULHUB, id: VHN-82218

Trust: 0.1

db: VULMON, id: CVE-2015-4257

Trust: 0.1

sources: CNVD: CNVD-2015-04445 // VULHUB: VHN-82218 // VULMON: CVE-2015-4257 // BID: 75681 // JVNDB: JVNDB-2015-003549 // CNNVD: CNNVD-201507-303 // NVD: CVE-2015-4257

REFERENCES

url:http://tools.cisco.com/security/center/viewalert.x?alertid=39801

Trust: 2.7

url:http://www.securitytracker.com/id/1032838

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4257

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4257

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/352.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.securityfocus.com/bid/75681

Trust: 0.1

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150709-cve-2015-4257

Trust: 0.1

sources: CNVD: CNVD-2015-04445 // VULHUB: VHN-82218 // VULMON: CVE-2015-4257 // BID: 75681 // JVNDB: JVNDB-2015-003549 // CNNVD: CNNVD-201507-303 // NVD: CVE-2015-4257

CREDITS

Cisco

Trust: 0.3

sources: BID: 75681

SOURCES

db: CNVD, id: CNVD-2015-04445
db: VULHUB, id: VHN-82218
db: VULMON, id: CVE-2015-4257
db: BID, id: 75681
db: JVNDB, id: JVNDB-2015-003549
db: CNNVD, id: CNNVD-201507-303
db: NVD, id: CVE-2015-4257

LAST UPDATE DATE

2025-04-13T23:14:30.957000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-04445, date: 2015-07-14T00:00:00
db: VULHUB, id: VHN-82218, date: 2016-12-29T00:00:00
db: VULMON, id: CVE-2015-4257, date: 2016-12-29T00:00:00
db: BID, id: 75681, date: 2015-07-09T00:00:00
db: JVNDB, id: JVNDB-2015-003549, date: 2015-07-14T00:00:00
db: CNNVD, id: CNNVD-201507-303, date: 2015-07-10T00:00:00
db: NVD, id: CVE-2015-4257, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2015-04445, date: 2015-07-14T00:00:00
db: VULHUB, id: VHN-82218, date: 2015-07-10T00:00:00
db: VULMON, id: CVE-2015-4257, date: 2015-07-10T00:00:00
db: BID, id: 75681, date: 2015-07-09T00:00:00
db: JVNDB, id: JVNDB-2015-003549, date: 2015-07-14T00:00:00
db: CNNVD, id: CNNVD-201507-303, date: 2015-07-10T00:00:00
db: NVD, id: CVE-2015-4257, date: 2015-07-10T00:59:04.867