cnvd - cnvd-2015-03403

cnvd-2015-03403

Vulnerability from cnvd

Title: Cisco Prime Central for Hosted Collaboration Solution跨站请求伪造漏洞

Description:

Cisco Prime是一款以服务为中心从终端、网络设备和应用整合管理有线与无线LAN、WAN与数据中心，并筛选信息的解决方案。

Cisco Prime Central for Hosted Collaboration Solution存在跨站请求伪造漏洞，允许远程攻击者构建恶意URI，诱使用户解析，可以目标用户上下文执行恶意操作。

Severity: 中

Patch Name: Cisco Prime Central for Hosted Collaboration Solution跨站请求伪造漏洞的补丁

Patch Description:

Cisco Prime是一款以服务为中心从终端、网络设备和应用整合管理有线与无线LAN、WAN与数据中心，并筛选信息的解决方案。Cisco Prime Central for Hosted Collaboration Solution存在跨站请求伪造漏洞，允许远程攻击者构建恶意URI，诱使用户解析，可以目标用户上下文执行恶意操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://tools.cisco.com/security/center/viewAlert.x?alertId=38927

Reference: http://tools.cisco.com/security/center/viewAlert.x?alertId=38927

Impacted products

Name
Cisco Prime Central for Hosted Collaboration Solution <=10.6(1)

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-0741"
    }
  },
  "description": "Cisco Prime\u662f\u4e00\u6b3e\u4ee5\u670d\u52a1\u4e3a\u4e2d\u5fc3\u4ece\u7ec8\u7aef\u3001\u7f51\u7edc\u8bbe\u5907\u548c\u5e94\u7528\u6574\u5408\u7ba1\u7406\u6709\u7ebf\u4e0e\u65e0\u7ebfLAN\u3001WAN\u4e0e\u6570\u636e\u4e2d\u5fc3\uff0c\u5e76\u7b5b\u9009\u4fe1\u606f\u7684\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nCisco Prime Central for Hosted Collaboration Solution\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u6784\u5efa\u6076\u610fURI\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4ee5\u76ee\u6807\u7528\u6237\u4e0a\u4e0b\u6587\u6267\u884c\u6076\u610f\u64cd\u4f5c\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://tools.cisco.com/security/center/viewAlert.x?alertId=38927",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-03403",
  "openTime": "2015-05-28",
  "patchDescription": "Cisco Prime\u662f\u4e00\u6b3e\u4ee5\u670d\u52a1\u4e3a\u4e2d\u5fc3\u4ece\u7ec8\u7aef\u3001\u7f51\u7edc\u8bbe\u5907\u548c\u5e94\u7528\u6574\u5408\u7ba1\u7406\u6709\u7ebf\u4e0e\u65e0\u7ebfLAN\u3001WAN\u4e0e\u6570\u636e\u4e2d\u5fc3\uff0c\u5e76\u7b5b\u9009\u4fe1\u606f\u7684\u89e3\u51b3\u65b9\u6848\u3002Cisco Prime Central for Hosted Collaboration Solution\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u6784\u5efa\u6076\u610fURI\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4ee5\u76ee\u6807\u7528\u6237\u4e0a\u4e0b\u6587\u6267\u884c\u6076\u610f\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Prime Central for Hosted Collaboration Solution\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Prime Central for Hosted Collaboration Solution \u003c=10.6(1)"
  },
  "referenceLink": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38927",
  "serverity": "\u4e2d",
  "submitTime": "2015-05-26",
  "title": "Cisco Prime Central for Hosted Collaboration Solution\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

CVE-2015-0741 (GCVE-0-2015-0741)

Vulnerability from cvelistv5

Published

2015-05-21 10:00

Modified

2024-08-06 04:17

Severity ?

CWE

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596.

References

▼	URL	Tags
	http://tools.cisco.com/security/center/viewAlert.x?alertId=38927	vendor-advisory, x_refsource_CISCO
	http://www.securitytracker.com/id/1032380	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/74754	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:17:32.793Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20150520 Cisco Prime Central for HCS Multiple Cross-Site Request Forgery Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38927"
          },
          {
            "name": "1032380",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032380"
          },
          {
            "name": "74754",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74754"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-30T15:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20150520 Cisco Prime Central for HCS Multiple Cross-Site Request Forgery Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38927"
        },
        {
          "name": "1032380",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032380"
        },
        {
          "name": "74754",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74754"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-0741",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150520 Cisco Prime Central for HCS Multiple Cross-Site Request Forgery Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38927"
            },
            {
              "name": "1032380",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032380"
            },
            {
              "name": "74754",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74754"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-0741",
    "datePublished": "2015-05-21T10:00:00",
    "dateReserved": "2015-01-07T00:00:00",
    "dateUpdated": "2024-08-06T04:17:32.793Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted