Sign-up

ID

VAR-201712-0017


CVE

CVE-2015-6237


TITLE

Tripwire IP360 Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-008079

DESCRIPTION

The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands.". Tripwire ( Old nCircle) IP360 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Tripwire (formerly known as nCircle) IP360VnEManager is an IT asset management device from Tripwire Corporation of the United States. A security vulnerability exists in the RPC service in version 7.2.2 prior to TripwireIP360VnEManager 7.2.6. Document Title ================ Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability Affected Products =================== Vendor: Tripwire Software/Appliance: IP360 VnE Vulnerability Manager Affected (verified) versions: v7.2.2 -> v7.2.5 CVE ===== CVE-2015-6237 CVSS ======= CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/RL:O/RC:C Base Score: 10.0 Temporal Score: 9.5 Rating ========= Critical Vulnerability Summary ====================== The IP350 VnE is susceptible to a remote XML-RPC authentication bypass vulnerability, which allows for specially crafted privileged commands to be remotely executed without authentication. The RPC service is available on the public HTTPS interface of the VnE by default, and cannot be disabled. Impact ======== Successful exploitation will allow a remote unauthenticated attacker to execute commands and queries against the API normally only available to privileged users. Users configured to use external authentication sources (e.g. LDAP) can have a local password created and made usable by an attacker while the authorized user continues to use external authentication. The combined vectors could allow for remote administrative privilege acquisition. Remediation ============= Update to v7.2.6 Credits ========== This vulnerability was discovered and reported by Specto (specto [at] custodela [dot] com). Relevant Timeline ==================== 18/08/2015: Initial vendor contact 19/08/2015: Vulnerability provided to vendor 19/08/2015: Vulnerability accepted by vendor 25/08/2015: Vulnerability confirmed by vendor 30/09/2015: Update with vulnerability fix released by vendor 01/10/2015: Advisory posted

Trust: 2.25

sources: NVD: CVE-2015-6237 // JVNDB: JVNDB-2015-008079 // CNVD: CNVD-2018-01118 // PACKETSTORM: 133846

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-01118

AFFECTED PRODUCTS

vendor:tripwiremodel:ip360scope:eqversion:7.2.5

Trust: 1.6

vendor:tripwiremodel:ip360scope:eqversion:7.2.4

Trust: 1.6

vendor:tripwiremodel:ip360scope:eqversion:7.2.2

Trust: 1.6

vendor:trip wiremodel:ip360scope:ltversion:7.2.2 thats all 7.2.6

Trust: 0.8

vendor:tripwiremodel:ip360 vne managerscope:gteversion:7.2.2,<=7.2.6

Trust: 0.6

sources: CNVD: CNVD-2018-01118 // JVNDB: JVNDB-2015-008079 // CNNVD: CNNVD-201712-960 // NVD: CVE-2015-6237

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6237
value: CRITICAL

Trust: 1.0

NVD: CVE-2015-6237
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-01118
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201712-960
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2015-6237
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-01118
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2015-6237
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-01118 // JVNDB: JVNDB-2015-008079 // CNNVD: CNNVD-201712-960 // NVD: CVE-2015-6237

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2015-008079 // NVD: CVE-2015-6237

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 133846 // CNNVD: CNNVD-201712-960

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201712-960

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-008079

PATCH
title:Tripwire IP360url:https://www.tripwire.co.jp/products/IP360/
Trust: 0.8
title:TripwireIP360VnEManager security bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/113625
Trust: 0.6
title:Tripwire IP360 VnE Manager Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77349
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-01118 // 
            
            
            
            JVNDB: JVNDB-2015-008079 // 
            
            
            
            CNNVD: CNNVD-201712-960

EXTERNAL IDS
db:NVDid:CVE-2015-6237
Trust: 3.1
db:JVNDBid:JVNDB-2015-008079
Trust: 0.8
db:CNVDid:CNVD-2018-01118
Trust: 0.6
db:CNNVDid:CNNVD-201712-960
Trust: 0.6
db:PACKETSTORMid:133846
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-01118 // 
            
            
            
            JVNDB: JVNDB-2015-008079 // 
            
            
            
            PACKETSTORM: 133846 // 
            
            
            
            CNNVD: CNNVD-201712-960 // 
            
            
            
            NVD: CVE-2015-6237

REFERENCES
url:http://seclists.org/fulldisclosure/2015/oct/20
Trust: 3.0
url:http://www.securityfocus.com/archive/1/archive/1/536609/100/0/threaded
Trust: 1.2
url:http://www.securityfocus.com/archive/1/536609/100/0/threaded
Trust: 1.0
url:https://nvd.nist.gov/vuln/detail/cve-2015-6237
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6237
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-01118 // 
            
            
            
            JVNDB: JVNDB-2015-008079 // 
            
            
            
            PACKETSTORM: 133846 // 
            
            
            
            CNNVD: CNNVD-201712-960 // 
            
            
            
            NVD: CVE-2015-6237

CREDITS
Specto
Trust: 0.1
sources:
            
            
            PACKETSTORM: 133846

SOURCES
db:CNVDid:CNVD-2018-01118
db:JVNDBid:JVNDB-2015-008079
db:PACKETSTORMid:133846
db:CNNVDid:CNNVD-201712-960
db:NVDid:CVE-2015-6237

LAST UPDATE DATE
2025-04-20T23:12:44.111000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-01118date:2018-01-17T00:00:00
db:JVNDBid:JVNDB-2015-008079date:2018-01-26T00:00:00
db:CNNVDid:CNNVD-201712-960date:2017-12-29T00:00:00
db:NVDid:CVE-2015-6237date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-01118date:2018-01-17T00:00:00
db:JVNDBid:JVNDB-2015-008079date:2018-01-26T00:00:00
db:PACKETSTORMid:133846date:2015-10-05T18:40:43
db:CNNVDid:CNNVD-201712-960date:2017-12-29T00:00:00
db:NVDid:CVE-2015-6237date:2017-12-27T19:29:00.223