VAR-201502-0144
Vulnerability from variot - Updated: 2023-12-18 12:30The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote authenticated users to obtain HelpDesk-equivalent privileges by leveraging device-recovery authentication, aka Bug ID CSCus74174. Vendors have confirmed this vulnerability Bug ID CSCun74174 It is released as.By a remotely authenticated user device-recovery By using the authentication, there is a possibility of obtaining the same authority as the help desk. The Cisco TelePresence IX5000 Series is the industry's first three-screen product to support H.265. An unauthorized access vulnerability exists in the Cisco TelePresence IX5000 Series that could allow an attacker to gain unauthorized access. TelePresence IX5000 Series is prone to an unauthorized-access vulnerability. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCus74174. The solution provides components such as audio and video space, which can provide remote participants with a face-to-face virtual meeting room effect. A remote attacker can exploit this vulnerability to obtain the HelpDesk-equivalent permission
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0144",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "telepresence system software ix",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.0.0"
},
{
"model": "telepresence system software ix",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.0.1"
},
{
"model": "telepresence ix5000",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "telepresence ix5200",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "telepresence system software ix",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "8 (.0.1)"
},
{
"model": "telepresence ix5000 series",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01134"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001481"
},
{
"db": "NVD",
"id": "CVE-2015-0611"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-270"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:telepresence_system_software_ix:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:telepresence_system_software_ix:8.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:telepresence_ix5200:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:telepresence_ix5000:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0611"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "72568"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0611",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-0611",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2015-01134",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-78557",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0611",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-01134",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-270",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-78557",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01134"
},
{
"db": "VULHUB",
"id": "VHN-78557"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001481"
},
{
"db": "NVD",
"id": "CVE-2015-0611"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-270"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account\u0027s access, which allows remote authenticated users to obtain HelpDesk-equivalent privileges by leveraging device-recovery authentication, aka Bug ID CSCus74174. Vendors have confirmed this vulnerability Bug ID CSCun74174 It is released as.By a remotely authenticated user device-recovery By using the authentication, there is a possibility of obtaining the same authority as the help desk. The Cisco TelePresence IX5000 Series is the industry\u0027s first three-screen product to support H.265. An unauthorized access vulnerability exists in the Cisco TelePresence IX5000 Series that could allow an attacker to gain unauthorized access. TelePresence IX5000 Series is prone to an unauthorized-access vulnerability. This may aid in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCus74174. The solution provides components such as audio and video space, which can provide remote participants with a face-to-face virtual meeting room effect. A remote attacker can exploit this vulnerability to obtain the HelpDesk-equivalent permission",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0611"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001481"
},
{
"db": "CNVD",
"id": "CNVD-2015-01134"
},
{
"db": "BID",
"id": "72568"
},
{
"db": "VULHUB",
"id": "VHN-78557"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0611",
"trust": 3.4
},
{
"db": "BID",
"id": "72568",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1031733",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001481",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201502-270",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-01134",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-78557",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01134"
},
{
"db": "VULHUB",
"id": "VHN-78557"
},
{
"db": "BID",
"id": "72568"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001481"
},
{
"db": "NVD",
"id": "CVE-2015-0611"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-270"
}
]
},
"id": "VAR-201502-0144",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01134"
},
{
"db": "VULHUB",
"id": "VHN-78557"
}
],
"trust": 1.2625
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01134"
}
]
},
"last_update_date": "2023-12-18T12:30:27.455000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco TelePresence IX5000 Series Web Management Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0611"
},
{
"title": "37430",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37430"
},
{
"title": "Cisco TelePresence IX5000 Series Unauthorized Access Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/55389"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01134"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001481"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78557"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001481"
},
{
"db": "NVD",
"id": "CVE-2015-0611"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37430"
},
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0611"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/72568"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031733"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100806"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0611"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0611"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/72568/info"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01134"
},
{
"db": "VULHUB",
"id": "VHN-78557"
},
{
"db": "BID",
"id": "72568"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001481"
},
{
"db": "NVD",
"id": "CVE-2015-0611"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-270"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-01134"
},
{
"db": "VULHUB",
"id": "VHN-78557"
},
{
"db": "BID",
"id": "72568"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001481"
},
{
"db": "NVD",
"id": "CVE-2015-0611"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-270"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01134"
},
{
"date": "2015-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-78557"
},
{
"date": "2015-02-10T00:00:00",
"db": "BID",
"id": "72568"
},
{
"date": "2015-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001481"
},
{
"date": "2015-02-12T01:59:27.187000",
"db": "NVD",
"id": "CVE-2015-0611"
},
{
"date": "2015-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-270"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01134"
},
{
"date": "2017-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-78557"
},
{
"date": "2015-02-16T00:04:00",
"db": "BID",
"id": "72568"
},
{
"date": "2015-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001481"
},
{
"date": "2017-09-08T01:29:46.387000",
"db": "NVD",
"id": "CVE-2015-0611"
},
{
"date": "2015-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-270"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-270"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco TelePresence IX5000 Run on device Cisco IX For managing web-management Vulnerability to obtain the same authority as the help desk in the portal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001481"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-270"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…