var-201506-0165
Vulnerability from variot
Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078. Cisco FireSIGHT system The software contains a vulnerability that allows arbitrary user dashboards to be deleted. The Cisco FireSIGHT ManagementCenter is a set of network security and operations that support centralized management of Cisco ASA and Cisco FirePOWER network security appliances using FirePOWER Services. The Cisco FireSIGHT Management Center has security issues. Remotely authenticated non-privileged users submit special VPN removal requests and delete the user's VPN panel. Cisco FireSIGHT System Software is prone to a remote security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to to delete the VPN dashboard of a targeted user. This may result in a denial of service condition. This issue is being tracked by Cisco Bug ID CSCut67078
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201506-0165",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firesight system software",
"scope": "eq",
"trust": 2.7,
"vendor": "cisco",
"version": "6.0.0"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.3.1.1"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 1.1,
"vendor": "cisco",
"version": "5.3.1.3"
},
{
"model": "firesight",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.3.1.3"
},
{
"model": "firesight",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "6.0.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03784"
},
{
"db": "BID",
"id": "75099"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003070"
},
{
"db": "NVD",
"id": "CVE-2015-0773"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-235"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0773"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "75099"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0773",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-0773",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2015-03784",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-78719",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0773",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-03784",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-235",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-78719",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03784"
},
{
"db": "VULHUB",
"id": "VHN-78719"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003070"
},
{
"db": "NVD",
"id": "CVE-2015-0773"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-235"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user\u0027s dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078. Cisco FireSIGHT system The software contains a vulnerability that allows arbitrary user dashboards to be deleted. The Cisco FireSIGHT ManagementCenter is a set of network security and operations that support centralized management of Cisco ASA and Cisco FirePOWER network security appliances using FirePOWER Services. The Cisco FireSIGHT Management Center has security issues. Remotely authenticated non-privileged users submit special VPN removal requests and delete the user\u0027s VPN panel. Cisco FireSIGHT System Software is prone to a remote security-bypass vulnerability. \nSuccessfully exploiting this issue may allow an attacker to to delete the VPN dashboard of a targeted user. This may result in a denial of service condition. \nThis issue is being tracked by Cisco Bug ID CSCut67078",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0773"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003070"
},
{
"db": "CNVD",
"id": "CNVD-2015-03784"
},
{
"db": "BID",
"id": "75099"
},
{
"db": "VULHUB",
"id": "VHN-78719"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0773",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1032542",
"trust": 1.1
},
{
"db": "BID",
"id": "75099",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003070",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201506-235",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-03784",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-78719",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03784"
},
{
"db": "VULHUB",
"id": "VHN-78719"
},
{
"db": "BID",
"id": "75099"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003070"
},
{
"db": "NVD",
"id": "CVE-2015-0773"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-235"
}
]
},
"id": "VAR-201506-0165",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03784"
},
{
"db": "VULHUB",
"id": "VHN-78719"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03784"
}
]
},
"last_update_date": "2023-12-18T12:51:42.039000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "39256",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39256"
},
{
"title": "Cisco FireSIGHT Management Center configures patches for modifying vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/59662"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03784"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003070"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78719"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003070"
},
{
"db": "NVD",
"id": "CVE-2015-0773"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39256"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032542"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0773"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0773"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/c/en/us/products/security/firesight-management-center/index.html"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03784"
},
{
"db": "VULHUB",
"id": "VHN-78719"
},
{
"db": "BID",
"id": "75099"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003070"
},
{
"db": "NVD",
"id": "CVE-2015-0773"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-235"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-03784"
},
{
"db": "VULHUB",
"id": "VHN-78719"
},
{
"db": "BID",
"id": "75099"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003070"
},
{
"db": "NVD",
"id": "CVE-2015-0773"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-235"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03784"
},
{
"date": "2015-06-12T00:00:00",
"db": "VULHUB",
"id": "VHN-78719"
},
{
"date": "2015-06-09T00:00:00",
"db": "BID",
"id": "75099"
},
{
"date": "2015-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003070"
},
{
"date": "2015-06-12T10:59:02.587000",
"db": "NVD",
"id": "CVE-2015-0773"
},
{
"date": "2015-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-235"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03784"
},
{
"date": "2017-01-04T00:00:00",
"db": "VULHUB",
"id": "VHN-78719"
},
{
"date": "2015-06-09T00:00:00",
"db": "BID",
"id": "75099"
},
{
"date": "2015-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003070"
},
{
"date": "2017-01-04T16:03:57.017000",
"db": "NVD",
"id": "CVE-2015-0773"
},
{
"date": "2015-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-235"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-235"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco FireSIGHT system Vulnerability to delete arbitrary user\u0027s dashboard in software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003070"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-235"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.