VAR-201505-0183
Vulnerability from variot - Updated: 2023-12-18 13:57
The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938. The Cisco Sourcefire 3D System Lights-Out Management is prone to an arbitrary file-upload vulnerability. An attacker may leverage this issue to upload arbitrary files to the affected device. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCus87938. Cisco FireSIGHT System Software on Sourcefire 3D Sensor devices is a Cisco management center, based on 3D Sensor devices, that supports centralized management of the network security and operational functions of Cisco ASA and Cisco FirePOWER network security devices using FirePOWER Services. Lights-Out Management (LOM) is an implementation that lets system administrators monitor and manage servers remotely.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201505-0183",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firesight system software",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "5.3.0"
},
{
"model": "sourcefire 3d1000 sensor",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sourcefire 3d2000 sensor",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sourcefire 3d2100 sensor",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sourcefire 3d2500 sensor",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sourcefire 3d3500 sensor",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sourcefire 3d4500 sensor",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sourcefire 3d500 sensor",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sourcefire 3d6500 sensor",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sourcefire 3d9900 sensor",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sourcefire 3d system lights-out management",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3"
}
],
"sources": [
{
"db": "BID",
"id": "74709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002729"
},
{
"db": "NVD",
"id": "CVE-2015-0739"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-311"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:sourcefire_3d2500_sensor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:sourcefire_3d3500_sensor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:sourcefire_3d4500_sensor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:sourcefire_3d6500_sensor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:sourcefire_3d1000_sensor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:sourcefire_3d2100_sensor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:sourcefire_3d9900_sensor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:sourcefire_3d500_sensor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:sourcefire_3d2000_sensor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0739"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "74709"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0739",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-0739",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-78685",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0739",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201505-311",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-78685",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78685"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002729"
},
{
"db": "NVD",
"id": "CVE-2015-0739"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-311"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938. The Cisco Sourcefire 3D System Lights-Out Management is prone to an arbitrary file-upload vulnerability. \nAn attacker may leverage this issue to upload arbitrary files to the affected device. This may aid in further attacks. \nThis issue is tracked by Cisco Bug ID CSCus87938. Cisco FireSIGHT System Software on Sourcefire 3D Sensor devices is a Cisco management center, based on 3D Sensor devices, that supports centralized management of the network security and operational functions of Cisco ASA and Cisco FirePOWER network security devices using FirePOWER Services. Lights-Out Management (LOM) is an implementation that lets system administrators monitor and manage servers remotely.",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0739"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002729"
},
{
"db": "BID",
"id": "74709"
},
{
"db": "VULHUB",
"id": "VHN-78685"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0739",
"trust": 2.8
},
{
"db": "BID",
"id": "74709",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1032359",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002729",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201505-311",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-78685",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78685"
},
{
"db": "BID",
"id": "74709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002729"
},
{
"db": "NVD",
"id": "CVE-2015-0739"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-311"
}
]
},
"id": "VAR-201505-0183",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-78685"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:57:36.457000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Sourcefire 3D Sensor",
"trust": 0.8,
"url": "http://www.cisco.com/c/en/us/support/security/sourcefire-3d-sensor/tsd-products-support-series-home.html"
},
{
"title": "38905",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38905"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002729"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78685"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002729"
},
{
"db": "NVD",
"id": "CVE-2015-0739"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38905"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/74709"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032359"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0739"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0739"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38905 "
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78685"
},
{
"db": "BID",
"id": "74709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002729"
},
{
"db": "NVD",
"id": "CVE-2015-0739"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-311"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-78685"
},
{
"db": "BID",
"id": "74709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002729"
},
{
"db": "NVD",
"id": "CVE-2015-0739"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-311"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-19T00:00:00",
"db": "VULHUB",
"id": "VHN-78685"
},
{
"date": "2015-05-18T00:00:00",
"db": "BID",
"id": "74709"
},
{
"date": "2015-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002729"
},
{
"date": "2015-05-19T02:00:18.917000",
"db": "NVD",
"id": "CVE-2015-0739"
},
{
"date": "2015-05-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-311"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-06T00:00:00",
"db": "VULHUB",
"id": "VHN-78685"
},
{
"date": "2015-05-18T00:00:00",
"db": "BID",
"id": "74709"
},
{
"date": "2015-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002729"
},
{
"date": "2017-01-06T17:09:12.457000",
"db": "NVD",
"id": "CVE-2015-0739"
},
{
"date": "2015-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-311"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-311"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Arbitrary BMC file upload vulnerability in the LOM implementation of FireSIGHT System Software running on Cisco Sourcefire 3D Sensor devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002729"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-311"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.