Sign-up

ID

VAR-201509-0284


CVE

CVE-2015-6276


TITLE

Cisco TelePresence IX5000 Plaintext in HTTPS Vulnerability that captures traffic

Trust: 0.8

sources: JVNDB: JVNDB-2015-004600

DESCRIPTION

Cisco TelePresence IX5000 8.0.3 stores a private key associated with an X.509 certificate under the web root with insufficient access control, which allows remote attackers to obtain cleartext versions of HTTPS traffic or spoof devices via a direct request to the certificate directory, aka Bug ID CSCuu63501. Cisco TelePresence IX5000 series is prone to an information-disclosure vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. This issue is being tracked by Cisco Bug ID CSCuu63501. The solution provides components such as audio and video space, which can provide remote participants with a face-to-face virtual meeting room effect

Trust: 1.98

sources: NVD: CVE-2015-6276 // JVNDB: JVNDB-2015-004600 // BID: 76616 // VULHUB: VHN-84237

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence system software ixscope:eqversion:8.0.3

Trust: 1.6

vendor:ciscomodel:telepresence ix5000scope:eqversion:8.0.3 base

Trust: 0.8

vendor:ciscomodel:telepresence ix5000scope:eqversion:8.0.3

Trust: 0.3

sources: BID: 76616 // JVNDB: JVNDB-2015-004600 // CNNVD: CNNVD-201509-059 // NVD: CVE-2015-6276

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6276
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6276
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201509-059
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84237
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6276
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84237
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84237 // JVNDB: JVNDB-2015-004600 // CNNVD: CNNVD-201509-059 // NVD: CVE-2015-6276

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-84237 // JVNDB: JVNDB-2015-004600 // NVD: CVE-2015-6276

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-059

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201509-059

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004600

PATCH
title:40727url:http://tools.cisco.com/security/center/viewAlert.x?alertId=40727
Trust: 0.8
title:Cisco TelePresence IX5000 Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61036
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-004600 // 
            
            
            
            CNNVD: CNNVD-201509-059

EXTERNAL IDS
db:NVDid:CVE-2015-6276
Trust: 2.8
db:SECTRACKid:1033477
Trust: 1.1
db:JVNDBid:JVNDB-2015-004600
Trust: 0.8
db:CNNVDid:CNNVD-201509-059
Trust: 0.7
db:BIDid:76616
Trust: 0.4
db:VULHUBid:VHN-84237
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84237 // 
            
            
            
            BID: 76616 // 
            
            
            
            JVNDB: JVNDB-2015-004600 // 
            
            
            
            CNNVD: CNNVD-201509-059 // 
            
            
            
            NVD: CVE-2015-6276

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=40727
Trust: 1.7
url:http://www.securitytracker.com/id/1033477
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6276
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6276
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151224-jab
Trust: 0.3
sources:
            
            
            VULHUB: VHN-84237 // 
            
            
            
            BID: 76616 // 
            
            
            
            JVNDB: JVNDB-2015-004600 // 
            
            
            
            CNNVD: CNNVD-201509-059 // 
            
            
            
            NVD: CVE-2015-6276

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 76616

SOURCES
db:VULHUBid:VHN-84237
db:BIDid:76616
db:JVNDBid:JVNDB-2015-004600
db:CNNVDid:CNNVD-201509-059
db:NVDid:CVE-2015-6276

LAST UPDATE DATE
2025-04-13T23:29:32.173000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84237date:2016-12-29T00:00:00
db:BIDid:76616date:2015-09-03T00:00:00
db:JVNDBid:JVNDB-2015-004600date:2015-09-09T00:00:00
db:CNNVDid:CNNVD-201509-059date:2015-09-10T00:00:00
db:NVDid:CVE-2015-6276date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-84237date:2015-09-05T00:00:00
db:BIDid:76616date:2015-09-03T00:00:00
db:JVNDBid:JVNDB-2015-004600date:2015-09-09T00:00:00
db:CNNVDid:CNNVD-201509-059date:2015-09-08T00:00:00
db:NVDid:CVE-2015-6276date:2015-09-05T02:59:05.367