var-201504-0281
Vulnerability from variot
Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712 (CVE-2015-0702). The vendor has confirmed this vulnerability and released it as Bug ID CSCus95712. Supplementary information: the vulnerability type has been identified as CWE-434: Unrestricted Upload of File with Dangerous Type. Successful exploits will allow an attacker to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. Cisco Unified MeetingPlace is a set of multimedia conferencing solutions from Cisco. This solution provides a user environment that integrates voice, video and Web conferencing.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201504-0281", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "unified meetingplace", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.6\\(1.9\\)" }, { "model": "unified meetingplace", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "8.6(1.9)" } ], "sources": [ { "db": "BID", "id": "74244" }, { 
"db": "JVNDB", "id": "JVNDB-2015-002413" }, { "db": "CNNVD", "id": "CNNVD-201504-405" }, { "db": "NVD", "id": "CVE-2015-0702" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:cisco:unified_meetingplace:8.6\\(1.9\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-0702" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco", "sources": [ { "db": "BID", "id": "74244" } ], "trust": 0.3 }, "cve": "CVE-2015-0702", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, 
"obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2015-0702", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "VHN-78648", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2015-0702", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201504-405", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-78648", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2015-0702", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-78648" }, { "db": "VULMON", "id": "CVE-2015-0702" }, { "db": "JVNDB", "id": "JVNDB-2015-002413" }, { "db": "CNNVD", "id": "CNNVD-201504-405" }, { "db": "NVD", "id": "CVE-2015-0702" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows 
remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712. Vendors have confirmed this vulnerability Bug ID CSCus95712 It is released as. Supplementary information : CWE Vulnerability type by CWE-434: Unrestricted Upload of File with Dangerous Type ( Unlimited upload of dangerous types of files ) Has been identified. \nSuccessful exploits will allow an attacker to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. Cisco Unified MeetingPlace is a set of multimedia conferencing solutions of Cisco (Cisco). This solution provides a user environment that integrates voice, video and Web conferencing", "sources": [ { "db": "NVD", "id": "CVE-2015-0702" }, { "db": "JVNDB", "id": "JVNDB-2015-002413" }, { "db": "BID", "id": "74244" }, { "db": "VULHUB", "id": "VHN-78648" }, { "db": "VULMON", "id": "CVE-2015-0702" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-0702", "trust": 2.9 }, { "db": "SECTRACK", "id": "1032165", "trust": 1.2 }, { "db": "JVNDB", "id": "JVNDB-2015-002413", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201504-405", "trust": 0.7 }, { "db": "BID", "id": "74244", "trust": 0.4 }, { "db": "VULHUB", "id": "VHN-78648", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2015-0702", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-78648" }, { "db": "VULMON", "id": "CVE-2015-0702" }, { "db": "BID", "id": "74244" }, { "db": "JVNDB", "id": "JVNDB-2015-002413" }, { "db": "CNNVD", "id": "CNNVD-201504-405" }, { "db": "NVD", "id": "CVE-2015-0702" } ] }, "id": "VAR-201504-0281", "iot": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-78648" } ], "trust": 0.01 }, "last_update_date": "2024-02-13T22:42:08.313000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "38455", "trust": 0.8, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38455" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-002413" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.1 }, { "problemtype": "CWE-434", "trust": 1.1 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-78648" }, { "db": "JVNDB", "id": "JVNDB-2015-002413" }, { "db": "NVD", "id": "CVE-2015-0702" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38455" }, { "trust": 1.2, "url": "http://www.securitytracker.com/id/1032165" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0702" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0702" }, { "trust": 0.3, "url": "http://www.cisco.com" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/434.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], 
"sources": [ { "db": "VULHUB", "id": "VHN-78648" }, { "db": "VULMON", "id": "CVE-2015-0702" }, { "db": "BID", "id": "74244" }, { "db": "JVNDB", "id": "JVNDB-2015-002413" }, { "db": "CNNVD", "id": "CNNVD-201504-405" }, { "db": "NVD", "id": "CVE-2015-0702" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-78648" }, { "db": "VULMON", "id": "CVE-2015-0702" }, { "db": "BID", "id": "74244" }, { "db": "JVNDB", "id": "JVNDB-2015-002413" }, { "db": "CNNVD", "id": "CNNVD-201504-405" }, { "db": "NVD", "id": "CVE-2015-0702" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-04-21T00:00:00", "db": "VULHUB", "id": "VHN-78648" }, { "date": "2015-04-21T00:00:00", "db": "VULMON", "id": "CVE-2015-0702" }, { "date": "2015-04-20T00:00:00", "db": "BID", "id": "74244" }, { "date": "2015-04-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-002413" }, { "date": "2015-04-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201504-405" }, { "date": "2015-04-21T02:59:00.997000", "db": "NVD", "id": "CVE-2015-0702" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-01-06T00:00:00", "db": "VULHUB", "id": "VHN-78648" }, { "date": "2017-01-06T00:00:00", "db": "VULMON", "id": "CVE-2015-0702" }, { "date": "2015-04-20T00:00:00", "db": "BID", "id": "74244" }, { "date": "2015-04-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-002413" }, { "date": "2015-04-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201504-405" }, { "date": "2017-01-06T15:29:36.823000", "db": "NVD", "id": "CVE-2015-0702" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201504-405" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco Unified MeetingPlace of Custom Prompts Arbitrary code execution vulnerability in implementation of upload", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-002413" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201504-405" } ], "trust": 0.6 } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.