ID

VAR-201509-0024


CVE

CVE-2015-6304


TITLE

Cisco TelePresence Server Software cross-site request forgery vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2015-004956 // CNNVD: CNNVD-201509-535

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut63724, and CSCut63760. The vendor has confirmed this vulnerability and released it as Bug IDs CSCut63718, CSCut63724, and CSCut63760. A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug IDs CSCut63718, CSCut63724, and CSCut63760. The solution provides components such as audio and video spaces, which can provide remote participants with a "face-to-face" virtual meeting room effect.

Trust: 2.07

sources: NVD: CVE-2015-6304 // JVNDB: JVNDB-2015-004956 // BID: 76824 // VULHUB: VHN-84265 // VULMON: CVE-2015-6304

AFFECTED PRODUCTS

vendor: cisco // model: telepresence server software // scope: eq // version: 3.0\(2.24\)

Trust: 1.6

vendor: cisco // model: telepresence server software // scope: eq // version: 3.0 (2.24)

Trust: 0.8

vendor: cisco // model: telepresence server software // scope: eq // version: 3.0(2.24)

Trust: 0.3

sources: BID: 76824 // JVNDB: JVNDB-2015-004956 // CNNVD: CNNVD-201509-535 // NVD: CVE-2015-6304

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6304
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6304
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201509-535
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84265
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-6304
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6304
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-84265
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84265 // VULMON: CVE-2015-6304 // JVNDB: JVNDB-2015-004956 // CNNVD: CNNVD-201509-535 // NVD: CVE-2015-6304

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.9

sources: VULHUB: VHN-84265 // JVNDB: JVNDB-2015-004956 // NVD: CVE-2015-6304

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-535

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201509-535

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004956

PATCH

title: 41128 // url: http://tools.cisco.com/security/center/viewAlert.x?alertId=41128

Trust: 0.8

sources: JVNDB: JVNDB-2015-004956

EXTERNAL IDS

db: NVD // id: CVE-2015-6304

Trust: 2.9

db: SECTRACK // id: 1033644

Trust: 1.2

db: JVNDB // id: JVNDB-2015-004956

Trust: 0.8

db: CNNVD // id: CNNVD-201509-535

Trust: 0.6

db: BID // id: 76824

Trust: 0.5

db: VULHUB // id: VHN-84265

Trust: 0.1

db: VULMON // id: CVE-2015-6304

Trust: 0.1

sources: VULHUB: VHN-84265 // VULMON: CVE-2015-6304 // BID: 76824 // JVNDB: JVNDB-2015-004956 // CNNVD: CNNVD-201509-535 // NVD: CVE-2015-6304

REFERENCES

url: http://tools.cisco.com/security/center/viewalert.x?alertid=41128

Trust: 2.1

url: http://www.securitytracker.com/id/1033644

Trust: 1.2

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6304

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6304

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

url: http://www.cisco.com/c/en/us/products/unified-communications/telepresence-video-communication-server-vcs/index.html

Trust: 0.3

url: https://cwe.mitre.org/data/definitions/352.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://www.securityfocus.com/bid/76824

Trust: 0.1

sources: VULHUB: VHN-84265 // VULMON: CVE-2015-6304 // BID: 76824 // JVNDB: JVNDB-2015-004956 // CNNVD: CNNVD-201509-535 // NVD: CVE-2015-6304

CREDITS

Cisco

Trust: 0.3

sources: BID: 76824

SOURCES

db: VULHUB // id: VHN-84265
db: VULMON // id: CVE-2015-6304
db: BID // id: 76824
db: JVNDB // id: JVNDB-2015-004956
db: CNNVD // id: CNNVD-201509-535
db: NVD // id: CVE-2015-6304

LAST UPDATE DATE

2025-04-12T23:29:31.234000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-84265 // date: 2016-12-29T00:00:00
db: VULMON // id: CVE-2015-6304 // date: 2016-12-29T00:00:00
db: BID // id: 76824 // date: 2015-09-22T00:00:00
db: JVNDB // id: JVNDB-2015-004956 // date: 2015-09-30T00:00:00
db: CNNVD // id: CNNVD-201509-535 // date: 2015-09-25T00:00:00
db: NVD // id: CVE-2015-6304 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB // id: VHN-84265 // date: 2015-09-24T00:00:00
db: VULMON // id: CVE-2015-6304 // date: 2015-09-24T00:00:00
db: BID // id: 76824 // date: 2015-09-22T00:00:00
db: JVNDB // id: JVNDB-2015-004956 // date: 2015-09-30T00:00:00
db: CNNVD // id: CNNVD-201509-535 // date: 2015-09-25T00:00:00
db: NVD // id: CVE-2015-6304 // date: 2015-09-24T14:59:01.703