CVE-2015-0705

Cross-site request forgery (CSRF) vulnerability in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts, aka Bug ID CSCus97494.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://tools.cisco.com/security/center/viewAlert.x?alertId=38461	Vendor Advisory
http://www.securityfocus.com/bid/74258	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032335	Third Party Advisory VDB Entry
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:unified_meetingplace:8.6\(1.9\):*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-04-22 01:59

Updated : 2023-12-10 11:31

NVD link : CVE-2015-0705

Mitre link : CVE-2015-0705

CVE.ORG link : CVE-2015-0705

JSON object : View

Products Affected

cisco

unified_meetingplace

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2015-0705", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-04-22T01:59:01.413", "references": [{"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38461", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/74258", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1032335", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667", "tags": ["Third Party Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts, aka Bug ID CSCus97494."}, {"lang": "es", "value": "Vulnerabilidad de CSRF en los endpoints SOAP API del directorio de servicios web en Cisco Unified MeetingPlace 8.6(1.9) permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que crean cuentas administrativas, tambi\u00e9n conocido como Bug ID CSCus97494."}], "lastModified": "2017-01-06T15:30:25.660", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_meetingplace:8.6\\(1.9\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C47E11F-0218-4C33-B59D-8854640B3204"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}