ID
VAR-201512-0415
CVE
CVE-2015-6378
TITLE
Cisco Model DPQ3925 with EDVA Device cross-site request forgery vulnerability
Trust: 0.8
DESCRIPTION
Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943. The Cisco DPQ3925 devices are a wireless router device from Cisco. Allow remote attackers to hijack the authentication of any user identity. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID's CSCuv05430 and CSCuv05943. Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with Embedded Digital Voice Adapter (EDVA) is vulnerable
Trust: 2.52
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | dpq3925 8x4 docsis 3.0 wireless residential gateway with embedded digital voice adapter | scope: | eq | version: | 5.5.2 | Trust: 1.6 |
| vendor: | cisco | model: | model dpq3925 8x4 docsis 3.0 wireless residential gateway with edva | scope: | eq | version: | 5.5.2 | Trust: 0.8 |
| vendor: | cisco | model: | dpq3925 devices with edva | scope: | eq | version: | 5.5.2 | Trust: 0.6 |
| vendor: | cisco | model: | model dpq3925 docsis wireless residential gateway | scope: | eq | version: | 8x43.00 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-352 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
cross-site request forgery
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20151208-gateway | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-gateway | Trust: 0.8 |
| title: | Cisco DPQ3925 Fixing measures for device cross-site request forgery vulnerability | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59217 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-6378 | Trust: 3.4 |
| db: | SECTRACK | id: | 1034345 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2015-006399 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201512-402 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2015-08383 | Trust: 0.6 |
| db: | BID | id: | 79050 | Trust: 0.4 |
| db: | VULHUB | id: | VHN-84339 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151208-gateway | Trust: 2.6 |
| url: | http://www.securitytracker.com/id/1034345 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6378 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6378 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
CREDITS
Cisco
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2015-08383 |
| db: | VULHUB | id: | VHN-84339 |
| db: | BID | id: | 79050 |
| db: | JVNDB | id: | JVNDB-2015-006399 |
| db: | CNNVD | id: | CNNVD-201512-402 |
| db: | NVD | id: | CVE-2015-6378 |
LAST UPDATE DATE
2025-04-12T23:25:48.912000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2015-08383 | date: | 2015-12-22T00:00:00 |
| db: | VULHUB | id: | VHN-84339 | date: | 2017-09-13T00:00:00 |
| db: | BID | id: | 79050 | date: | 2015-12-08T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-006399 | date: | 2015-12-16T00:00:00 |
| db: | CNNVD | id: | CNNVD-201512-402 | date: | 2015-12-14T00:00:00 |
| db: | NVD | id: | CVE-2015-6378 | date: | 2025-04-12T10:46:40.837 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2015-08383 | date: | 2015-12-22T00:00:00 |
| db: | VULHUB | id: | VHN-84339 | date: | 2015-12-14T00:00:00 |
| db: | BID | id: | 79050 | date: | 2015-12-08T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-006399 | date: | 2015-12-16T00:00:00 |
| db: | CNNVD | id: | CNNVD-201512-402 | date: | 2015-12-14T00:00:00 |
| db: | NVD | id: | CVE-2015-6378 | date: | 2015-12-14T03:59:00.117 |