Details of VAR-201508-0481

ID

VAR-201508-0481

CVE

CVE-2015-4308

TITLE

Cisco Edge 340 Run on device Edge Bluebird Operating System of WebGUI Vulnerability in which important information is acquired in the configuration export function

Trust: 0.8

sources: JVNDB: JVNDB-2015-004359

DESCRIPTION

The webGUI configuration-export feature in Cisco Edge Bluebird Operating System 1.2 on Edge 340 devices allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuu43968. The Cisco Edge 340 Series Digital Media Player is a digital media playback application. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug Id CSCuu43968

Trust: 2.52

sources: NVD: CVE-2015-4308 // JVNDB: JVNDB-2015-004359 // CNVD: CNVD-2015-05531 // BID: 76349 // VULHUB: VHN-82269

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-05531

AFFECTED PRODUCTS

vendor:	cisco	model:	edge bluebird operating system	scope:	eq	version:	1.2	Trust: 2.2
vendor:	cisco	model:	edge bluebird operating system software	scope:	eq	version:	1.2.0	Trust: 0.8
vendor:	cisco	model:	edge bluebird operating system software	scope:	eq	version:	1.2	Trust: 0.3

sources: CNVD: CNVD-2015-05531 // BID: 76349 // JVNDB: JVNDB-2015-004359 // CNNVD: CNNVD-201508-373 // NVD: CVE-2015-4308

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4308
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-4308
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-05531
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201508-373
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-82269
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-4308
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-05531
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-82269
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-05531 // VULHUB: VHN-82269 // JVNDB: JVNDB-2015-004359 // CNNVD: CNNVD-201508-373 // NVD: CVE-2015-4308

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-82269 // JVNDB: JVNDB-2015-004359 // NVD: CVE-2015-4308

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-373

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201508-373

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004359

PATCH

title:	40434	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=40434	Trust: 0.8
title:	\302\240Patch for Cisco Edge 340 Series Digital Media Player File View Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/62937	Trust: 0.6

sources: CNVD: CNVD-2015-05531 // JVNDB: JVNDB-2015-004359

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4308	Trust: 3.4
db:	BID	id:	76349	Trust: 2.0
db:	SECTRACK	id:	1033280	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-004359	Trust: 0.8
db:	CNNVD	id:	CNNVD-201508-373	Trust: 0.7
db:	CNVD	id:	CNVD-2015-05531	Trust: 0.6
db:	VULHUB	id:	VHN-82269	Trust: 0.1

sources: CNVD: CNVD-2015-05531 // VULHUB: VHN-82269 // BID: 76349 // JVNDB: JVNDB-2015-004359 // CNNVD: CNNVD-201508-373 // NVD: CVE-2015-4308

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=40434	Trust: 2.6
url:	http://www.securityfocus.com/bid/76349	Trust: 1.7
url:	http://www.securitytracker.com/id/1033280	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4308	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4308	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-05531 // VULHUB: VHN-82269 // BID: 76349 // JVNDB: JVNDB-2015-004359 // CNNVD: CNNVD-201508-373 // NVD: CVE-2015-4308

CREDITS

Cisco

Trust: 0.9

sources: BID: 76349 // CNNVD: CNNVD-201508-373

SOURCES

db:	CNVD	id:	CNVD-2015-05531
db:	VULHUB	id:	VHN-82269
db:	BID	id:	76349
db:	JVNDB	id:	JVNDB-2015-004359
db:	CNNVD	id:	CNNVD-201508-373
db:	NVD	id:	CVE-2015-4308

LAST UPDATE DATE

2025-04-13T23:27:31.986000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-05531	date:	2015-08-25T00:00:00
db:	VULHUB	id:	VHN-82269	date:	2016-12-28T00:00:00
db:	BID	id:	76349	date:	2015-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-004359	date:	2015-08-25T00:00:00
db:	CNNVD	id:	CNNVD-201508-373	date:	2015-08-20T00:00:00
db:	NVD	id:	CVE-2015-4308	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-05531	date:	2015-08-24T00:00:00
db:	VULHUB	id:	VHN-82269	date:	2015-08-19T00:00:00
db:	BID	id:	76349	date:	2015-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-004359	date:	2015-08-25T00:00:00
db:	CNNVD	id:	CNNVD-201508-373	date:	2015-08-19T00:00:00
db:	NVD	id:	CVE-2015-4308	date:	2015-08-19T15:59:04.913