cvelistv5 - cve-2015-6362

CVE-2015-6362 (GCVE-0-2015-6362)

Vulnerability from cvelistv5 – Published: 2015-11-10 02:00 – Updated: 2024-08-06 07:22

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO
	http://www.securitytracker.com/id/1034106	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:22:20.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20151109 Cisco Connected Grid Network Management System Privilege Escalation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms"
          },
          {
            "name": "1034106",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034106"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T22:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20151109 Cisco Connected Grid Network Management System Privilege Escalation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms"
        },
        {
          "name": "1034106",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034106"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-6362",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20151109 Cisco Connected Grid Network Management System Privilege Escalation Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms"
            },
            {
              "name": "1034106",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034106"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-6362",
    "datePublished": "2015-11-10T02:00:00",
    "dateReserved": "2015-08-17T00:00:00",
    "dateUpdated": "2024-08-06T07:22:20.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:connected_grid_network_management_system:3.0\\\\(0.35\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"555B9959-8AC3-4BB1-B513-CE67A2478FDA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:connected_grid_network_management_system:3.0\\\\(0.54\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"50433CA1-7937-4780-A5B4-90A1F67F7B38\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640.\"}, {\"lang\": \"es\", \"value\": \"La web GUI en Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) y 3.0(0.54) permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y modificar la configuraci\\u00f3n mediante el aprovechamiento del rol Monitor-Only, tambi\\u00e9n conocido como Bug ID CSCuw42640.\"}]",
      "id": "CVE-2015-6362",
      "lastModified": "2024-11-21T02:34:51.510",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:P/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-11-10T03:59:01.473",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1034106\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1034106\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-6362\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2015-11-10T03:59:01.473\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640.\"},{\"lang\":\"es\",\"value\":\"La web GUI en Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) y 3.0(0.54) permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y modificar la configuraci\u00f3n mediante el aprovechamiento del rol Monitor-Only, tambi\u00e9n conocido como Bug ID CSCuw42640.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:connected_grid_network_management_system:3.0\\\\(0.35\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"555B9959-8AC3-4BB1-B513-CE67A2478FDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:connected_grid_network_management_system:3.0\\\\(0.54\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50433CA1-7937-4780-A5B4-90A1F67F7B38\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1034106\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1034106\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2015-6362

Vulnerability from fkie_nvd - Published: 2015-11-10 03:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms	Vendor Advisory
psirt@cisco.com	http://www.securitytracker.com/id/1034106
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034106

Impacted products

	Vendor	Product	Version
	cisco	connected_grid_network_management_system	3.0\(0.35\)
	cisco	connected_grid_network_management_system	3.0\(0.54\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:connected_grid_network_management_system:3.0\\(0.35\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "555B9959-8AC3-4BB1-B513-CE67A2478FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_grid_network_management_system:3.0\\(0.54\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "50433CA1-7937-4780-A5B4-90A1F67F7B38",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640."
    },
    {
      "lang": "es",
      "value": "La web GUI en Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) y 3.0(0.54) permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y modificar la configuraci\u00f3n mediante el aprovechamiento del rol Monitor-Only, tambi\u00e9n conocido como Bug ID CSCuw42640."
    }
  ],
  "id": "CVE-2015-6362",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-11-10T03:59:01.473",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1034106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034106"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2015-07525

Vulnerability from cnvd - Published: 2015-11-13

Title

Cisco Connected Grid Network Management System权限提升漏洞

Description

Cisco Connected Grid Network Management System（CG-NMS）是美国思科（Cisco）公司的一套端到端的智能电网管理系统。 Cisco CG-NMS 3.0(0.35)版本和3.0(0.54)版本的web GUI存在安全漏洞。远程攻击者可通过Monitor-Only角色利用该漏洞绕过既定的访问限制，修改配置。

Severity

中

Patch Name

Cisco Connected Grid Network Management System权限提升漏洞的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms

Impacted products

Name
['Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35)', 'Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.54)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-6362"
    }
  },
  "description": "Cisco Connected Grid Network Management System\uff08CG-NMS\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u7aef\u5230\u7aef\u7684\u667a\u80fd\u7535\u7f51\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nCisco CG-NMS 3.0(0.35)\u7248\u672c\u548c3.0(0.54)\u7248\u672c\u7684web GUI\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7Monitor-Only\u89d2\u8272\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u65e2\u5b9a\u7684\u8bbf\u95ee\u9650\u5236\uff0c\u4fee\u6539\u914d\u7f6e\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-07525",
  "openTime": "2015-11-13",
  "patchDescription": "Cisco Connected Grid Network Management System\uff08CG-NMS\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u7aef\u5230\u7aef\u7684\u667a\u80fd\u7535\u7f51\u7ba1\u7406\u7cfb\u7edf\u3002\r\nCisco CG-NMS 3.0(0.35)\u7248\u672c\u548c3.0(0.54)\u7248\u672c\u7684web GUI\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7Monitor-Only\u89d2\u8272\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u65e2\u5b9a\u7684\u8bbf\u95ee\u9650\u5236\uff0c\u4fee\u6539\u914d\u7f6e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Connected Grid Network Management System\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35)",
      "Cisco Connected Grid Network Management System (CG-NMS)   3.0(0.54)"
    ]
  },
  "referenceLink": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms",
  "serverity": "\u4e2d",
  "submitTime": "2015-11-12",
  "title": "Cisco Connected Grid Network Management System\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CERTFR-2015-AVI-468

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Cisco Connected Grid Network Management. Elle permet à un attaquant de provoquer une élévation de privilèges.

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco Connected Grid Network Management System versions 3.0(0.35) et 3.0(0.54).

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco du 09 novembre 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eCisco Connected Grid Network Management System versions  3.0(0.35) et 3.0(0.54).\u003c/P\u003e",
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-6362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6362"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-468",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-11-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eCisco\nConnected Grid Network Management\u003c/span\u003e. Elle permet \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Cisco Connected Grid Network Management",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco du 09 novembre 2015",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms"
    }
  ]
}

CERTFR-2015-AVI-468

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Cisco Connected Grid Network Management. Elle permet à un attaquant de provoquer une élévation de privilèges.

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco Connected Grid Network Management System versions 3.0(0.35) et 3.0(0.54).

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco du 09 novembre 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eCisco Connected Grid Network Management System versions  3.0(0.35) et 3.0(0.54).\u003c/P\u003e",
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-6362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6362"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-468",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-11-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eCisco\nConnected Grid Network Management\u003c/span\u003e. Elle permet \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Cisco Connected Grid Network Management",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco du 09 novembre 2015",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms"
    }
  ]
}

VAR-201511-0213

Vulnerability from variot - Updated: 2023-12-18 13:53

The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640. Vendors report this vulnerability Bug ID CSCuw42640 Published as.By a remotely authenticated user, Monitor-Only By using roles, access restrictions can be bypassed and settings may be changed. Attackers can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCuw42640

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201511-0213",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "connected grid network management system",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "cisco",
        "version": "3.0(0.35)"
      },
      {
        "model": "connected grid network management system",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "cisco",
        "version": "3.0(0.54)"
      },
      {
        "model": "connected grid network management system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.0\\(0.54\\)"
      },
      {
        "model": "connected grid network management system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.0\\(0.35\\)"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07525"
      },
      {
        "db": "BID",
        "id": "77532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005815"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-146"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:connected_grid_network_management_system:3.0\\(0.35\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:connected_grid_network_management_system:3.0\\(0.54\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6362"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "77532"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-6362",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-6362",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2015-07525",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-84323",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-6362",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-07525",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201511-146",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-84323",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07525"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84323"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005815"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-146"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640. Vendors report this vulnerability Bug ID CSCuw42640 Published as.By a remotely authenticated user, Monitor-Only By using roles, access restrictions can be bypassed and settings may be changed. \nAttackers can exploit this issue to cause a denial-of-service condition. \nThis issue is being tracked by Cisco Bug ID CSCuw42640",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6362"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005815"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07525"
      },
      {
        "db": "BID",
        "id": "77532"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84323"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-6362",
        "trust": 3.4
      },
      {
        "db": "SECTRACK",
        "id": "1034106",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005815",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-146",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07525",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "77532",
        "trust": 0.4
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-89733",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-84323",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07525"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84323"
      },
      {
        "db": "BID",
        "id": "77532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005815"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-146"
      }
    ]
  },
  "id": "VAR-201511-0213",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07525"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84323"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07525"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:53:13.867000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20151109-cg-nms",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151109-cg-nms"
      },
      {
        "title": "Patch for Cisco Connected Grid Network Management System Privilege Escalation Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/66636"
      },
      {
        "title": "Cisco Connected Grid Network Management System Fixes for permission permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=58641"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07525"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005815"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-146"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84323"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005815"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6362"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151109-cg-nms"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1034106"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6362"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6362"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/ps10164/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151104-wsa1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07525"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84323"
      },
      {
        "db": "BID",
        "id": "77532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005815"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-146"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07525"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84323"
      },
      {
        "db": "BID",
        "id": "77532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005815"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-146"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-11-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07525"
      },
      {
        "date": "2015-11-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84323"
      },
      {
        "date": "2015-11-09T00:00:00",
        "db": "BID",
        "id": "77532"
      },
      {
        "date": "2015-11-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005815"
      },
      {
        "date": "2015-11-10T03:59:01.473000",
        "db": "NVD",
        "id": "CVE-2015-6362"
      },
      {
        "date": "2015-11-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201511-146"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07525"
      },
      {
        "date": "2016-12-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84323"
      },
      {
        "date": "2015-11-09T00:00:00",
        "db": "BID",
        "id": "77532"
      },
      {
        "date": "2015-11-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005815"
      },
      {
        "date": "2016-12-07T18:19:51.333000",
        "db": "NVD",
        "id": "CVE-2015-6362"
      },
      {
        "date": "2015-11-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201511-146"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-146"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Connected Grid Network Management System of  Web GUI Vulnerabilities bypassing access restrictions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005815"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-146"
      }
    ],
    "trust": 0.6
  }
}

GSD-2015-6362

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-6362

Aliases

CVE-2015-6362

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-6362",
    "description": "The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640.",
    "id": "GSD-2015-6362"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-6362"
      ],
      "details": "The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640.",
      "id": "GSD-2015-6362",
      "modified": "2023-12-13T01:20:04.095893Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2015-6362",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20151109 Cisco Connected Grid Network Management System Privilege Escalation Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms"
          },
          {
            "name": "1034106",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1034106"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:connected_grid_network_management_system:3.0\\(0.35\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:connected_grid_network_management_system:3.0\\(0.54\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-6362"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20151109 Cisco Connected Grid Network Management System Privilege Escalation Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms"
            },
            {
              "name": "1034106",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1034106"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-12-07T18:19Z",
      "publishedDate": "2015-11-10T03:59Z"
    }
  }
}

GHSA-WH7V-9P3V-C89W

Vulnerability from github – Published: 2022-05-17 03:26 – Updated: 2022-05-17 03:26

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-6362"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-11-10T03:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640.",
  "id": "GHSA-wh7v-9p3v-c89w",
  "modified": "2022-05-17T03:26:57Z",
  "published": "2022-05-17T03:26:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6362"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034106"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-6362 (GCVE-0-2015-6362)

FKIE_CVE-2015-6362

CNVD-2015-07525

CERTFR-2015-AVI-468

Contournement provisoire

CERTFR-2015-AVI-468

Contournement provisoire

VAR-201511-0213

GSD-2015-6362

GHSA-WH7V-9P3V-C89W

Tags

Sightings

Nomenclature