var-201510-0017
Vulnerability from variot
The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839. The Cisco FireSIGHT Management Center centrally manages the network security and operational features of Cisco ASA with FirePOWER Services and Cisco FirePOWER appliances. Attackers can exploit this issue to bypass security restrictions to perform unauthorized actions; this may aid in launching further attacks. This issue is being tracked by Cisco Bug ID CSCuw12839
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201510-0017",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firesight system software",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "5.3.1.7"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "5.4.0.4"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "6.0.0"
},
{
"model": "firesight management center",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.3.1.7"
},
{
"model": "firesight management center",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.4.0.4"
},
{
"model": "firesight management center",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "6.0.0"
},
{
"model": "firesight management center for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "firesight management center for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.4.0.4"
},
{
"model": "firesight management center for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3.1.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06866"
},
{
"db": "BID",
"id": "77124"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005603"
},
{
"db": "NVD",
"id": "CVE-2015-6335"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-571"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:firesight_system_software:5.3.1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6335"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "77124"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6335",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-6335",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2015-06866",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-84296",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-6335",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-06866",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201510-571",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-84296",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06866"
},
{
"db": "VULHUB",
"id": "VHN-84296"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005603"
},
{
"db": "NVD",
"id": "CVE-2015-6335"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-571"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839. The Cisco FireSIGHT Management Center centrally manages the network security and operational features of Cisco ASA with FirePOWER Services and Cisco FirePOWER appliances. \nAttackers can exploit this issue to bypass security restrictions to perform unauthorized actions; this may aid in launching further attacks. \nThis issue is being tracked by Cisco Bug ID CSCuw12839",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6335"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005603"
},
{
"db": "CNVD",
"id": "CNVD-2015-06866"
},
{
"db": "BID",
"id": "77124"
},
{
"db": "VULHUB",
"id": "VHN-84296"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6335",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1033873",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005603",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201510-571",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06866",
"trust": 0.6
},
{
"db": "BID",
"id": "77124",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-84296",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06866"
},
{
"db": "VULHUB",
"id": "VHN-84296"
},
{
"db": "BID",
"id": "77124"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005603"
},
{
"db": "NVD",
"id": "CVE-2015-6335"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-571"
}
]
},
"id": "VAR-201510-0017",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06866"
},
{
"db": "VULHUB",
"id": "VHN-84296"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06866"
}
]
},
"last_update_date": "2023-12-18T12:20:46.482000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20151016-fmc",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151016-fmc"
},
{
"title": "Cisco FireSIGHT Management Center arbitrary command execution vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/65892"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06866"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005603"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84296"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005603"
},
{
"db": "NVD",
"id": "CVE-2015-6335"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151016-fmc"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033873"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6335"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6335"
},
{
"trust": 0.3,
"url": "http://www.cisco.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06866"
},
{
"db": "VULHUB",
"id": "VHN-84296"
},
{
"db": "BID",
"id": "77124"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005603"
},
{
"db": "NVD",
"id": "CVE-2015-6335"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-571"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-06866"
},
{
"db": "VULHUB",
"id": "VHN-84296"
},
{
"db": "BID",
"id": "77124"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005603"
},
{
"db": "NVD",
"id": "CVE-2015-6335"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-571"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-10-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06866"
},
{
"date": "2015-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-84296"
},
{
"date": "2015-10-19T00:00:00",
"db": "BID",
"id": "77124"
},
{
"date": "2015-10-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005603"
},
{
"date": "2015-10-25T02:59:10.467000",
"db": "NVD",
"id": "CVE-2015-6335"
},
{
"date": "2015-10-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-571"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-10-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06866"
},
{
"date": "2017-01-05T00:00:00",
"db": "VULHUB",
"id": "VHN-84296"
},
{
"date": "2015-10-19T00:00:00",
"db": "BID",
"id": "77124"
},
{
"date": "2015-10-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005603"
},
{
"date": "2017-01-05T14:11:21.307000",
"db": "NVD",
"id": "CVE-2015-6335"
},
{
"date": "2015-10-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-571"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-571"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "VMware for Cisco FireSIGHT Management Center Vulnerabilities that can bypass policy restrictions in the implementation of policy",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005603"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-571"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.