Details of VAR-201507-0543

ID

VAR-201507-0543

CVE

CVE-2015-4258

TITLE

Cisco TelePresence MSE 8000 Device Cross-Site Request Forgery Vulnerability

Trust: 2.0

sources: CNVD: CNVD-2015-04444 // JVNDB: JVNDB-2015-003930 // CNNVD: CNNVD-201507-304

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MSE 8000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90444. Vendors have confirmed this vulnerability Bug ID CSCuu90444 It is released as.A third party may be able to hijack the authentication of any user. Cisco TelePresence MSE 8000 devices is a high-capacity voice and video conferencing media service engine appliance. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuu90444

Trust: 2.52

sources: NVD: CVE-2015-4258 // JVNDB: JVNDB-2015-003930 // CNVD: CNVD-2015-04444 // BID: 75678 // VULHUB: VHN-82219

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-04444

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence mse 8000 series	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	telepresence mse 8000 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence mse	scope:	eq	version:	8000	Trust: 0.6
vendor:	cisco	model:	telepresence mse series	scope:	eq	version:	80000	Trust: 0.3

sources: CNVD: CNVD-2015-04444 // BID: 75678 // JVNDB: JVNDB-2015-003930 // CNNVD: CNNVD-201507-304 // NVD: CVE-2015-4258

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4258
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-4258
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-04444
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201507-304
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-82219
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-4258
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-04444
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-82219
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-04444 // VULHUB: VHN-82219 // JVNDB: JVNDB-2015-003930 // CNNVD: CNNVD-201507-304 // NVD: CVE-2015-4258

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-82219 // JVNDB: JVNDB-2015-003930 // NVD: CVE-2015-4258

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-304

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201507-304

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003930

PATCH

title:

39802

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=39802

Trust: 0.8

sources: JVNDB: JVNDB-2015-003930

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4258	Trust: 3.4
db:	SECTRACK	id:	1032838	Trust: 1.1
db:	BID	id:	75678	Trust: 1.0
db:	JVNDB	id:	JVNDB-2015-003930	Trust: 0.8
db:	CNNVD	id:	CNNVD-201507-304	Trust: 0.7
db:	CNVD	id:	CNVD-2015-04444	Trust: 0.6
db:	VULHUB	id:	VHN-82219	Trust: 0.1

sources: CNVD: CNVD-2015-04444 // VULHUB: VHN-82219 // BID: 75678 // JVNDB: JVNDB-2015-003930 // CNNVD: CNNVD-201507-304 // NVD: CVE-2015-4258

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39802	Trust: 2.6
url:	http://www.securitytracker.com/id/1032838	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4258	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4258	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-04444 // VULHUB: VHN-82219 // BID: 75678 // JVNDB: JVNDB-2015-003930 // CNNVD: CNNVD-201507-304 // NVD: CVE-2015-4258

CREDITS

Cisco

Trust: 0.3

sources: BID: 75678

SOURCES

db:	CNVD	id:	CNVD-2015-04444
db:	VULHUB	id:	VHN-82219
db:	BID	id:	75678
db:	JVNDB	id:	JVNDB-2015-003930
db:	CNNVD	id:	CNNVD-201507-304
db:	NVD	id:	CVE-2015-4258

LAST UPDATE DATE

2025-04-12T22:59:16.965000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-04444	date:	2015-07-14T00:00:00
db:	VULHUB	id:	VHN-82219	date:	2016-12-29T00:00:00
db:	BID	id:	75678	date:	2015-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-003930	date:	2015-07-28T00:00:00
db:	CNNVD	id:	CNNVD-201507-304	date:	2015-07-10T00:00:00
db:	NVD	id:	CVE-2015-4258	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-04444	date:	2015-07-14T00:00:00
db:	VULHUB	id:	VHN-82219	date:	2015-07-10T00:00:00
db:	BID	id:	75678	date:	2015-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-003930	date:	2015-07-28T00:00:00
db:	CNNVD	id:	CNNVD-201507-304	date:	2015-07-10T00:00:00
db:	NVD	id:	CVE-2015-4258	date:	2015-07-10T00:59:05.777