Sign-up

ID

VAR-201512-0399


CVE

CVE-2015-6426


TITLE

Cisco Prime Network Services Controller Vulnerable to access restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2015-006477

DESCRIPTION

Cisco Prime Network Services Controller 3.0 allows local users to bypass intended access restrictions and execute arbitrary commands via additional parameters to an unspecified command, aka Bug ID CSCus99427. A local attacker can exploit this issue to execute arbitrary commands in the context of the application. This may aid in further attacks. This issue being tracked by Cisco Bug ID CSCus99427. The software automates configuration changes to managed virtual networks through a single interface

Trust: 1.98

sources: NVD: CVE-2015-6426 // JVNDB: JVNDB-2015-006477 // BID: 79582 // VULHUB: VHN-84387

AFFECTED PRODUCTS

vendor:ciscomodel:prime network services controllerscope:eqversion:3.0.0

Trust: 1.6

vendor:ciscomodel:prime network services controllerscope:eqversion:3.0

Trust: 0.8

sources: JVNDB: JVNDB-2015-006477 // CNNVD: CNNVD-201512-522 // NVD: CVE-2015-6426

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6426
value: HIGH

Trust: 1.0

NVD: CVE-2015-6426
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201512-522
value: HIGH

Trust: 0.6

VULHUB: VHN-84387
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-6426
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84387
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84387 // JVNDB: JVNDB-2015-006477 // CNNVD: CNNVD-201512-522 // NVD: CVE-2015-6426

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-84387 // JVNDB: JVNDB-2015-006477 // NVD: CVE-2015-6426

THREAT TYPE

local

Trust: 0.9

sources: BID: 79582 // CNNVD: CNNVD-201512-522

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201512-522

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006477

PATCH
title:cisco-sa-20151217-pnscurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-pnsc
Trust: 0.8
title:Cisco Prime Network Services Controller Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59299
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-006477 // 
            
            
            
            CNNVD: CNNVD-201512-522

EXTERNAL IDS
db:NVDid:CVE-2015-6426
Trust: 2.8
db:BIDid:79582
Trust: 2.0
db:JVNDBid:JVNDB-2015-006477
Trust: 0.8
db:CNNVDid:CNNVD-201512-522
Trust: 0.7
db:SEEBUGid:SSVID-90192
Trust: 0.1
db:VULHUBid:VHN-84387
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84387 // 
            
            
            
            BID: 79582 // 
            
            
            
            JVNDB: JVNDB-2015-006477 // 
            
            
            
            CNNVD: CNNVD-201512-522 // 
            
            
            
            NVD: CVE-2015-6426

REFERENCES
url:http://www.securityfocus.com/bid/79582
Trust: 1.7
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151217-pnsc
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6426
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6426
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-84387 // 
            
            
            
            BID: 79582 // 
            
            
            
            JVNDB: JVNDB-2015-006477 // 
            
            
            
            CNNVD: CNNVD-201512-522 // 
            
            
            
            NVD: CVE-2015-6426

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 79582 // 
            
            
            
            CNNVD: CNNVD-201512-522

SOURCES
db:VULHUBid:VHN-84387
db:BIDid:79582
db:JVNDBid:JVNDB-2015-006477
db:CNNVDid:CNNVD-201512-522
db:NVDid:CVE-2015-6426

LAST UPDATE DATE
2025-04-13T23:25:11.347000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84387date:2016-11-28T00:00:00
db:BIDid:79582date:2015-12-17T00:00:00
db:JVNDBid:JVNDB-2015-006477date:2015-12-21T00:00:00
db:CNNVDid:CNNVD-201512-522date:2015-12-21T00:00:00
db:NVDid:CVE-2015-6426date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-84387date:2015-12-18T00:00:00
db:BIDid:79582date:2015-12-17T00:00:00
db:JVNDBid:JVNDB-2015-006477date:2015-12-21T00:00:00
db:CNNVDid:CNNVD-201512-522date:2015-12-18T00:00:00
db:NVDid:CVE-2015-6426date:2015-12-18T11:59:01.560