CVE-2015-6411

Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-fmc	Vendor Advisory
http://www.securityfocus.com/bid/78740

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:firepower_management_center:5.4.1.3:::::::*
	cpe:2.3:a:cisco:firepower_management_center:6.0.0:::::::*
	cpe:2.3:a:cisco:firepower_management_center:6.0.1:::::::*

History

No history.

Information

Published : 2015-12-15 05:59

Updated : 2023-12-10 11:46

NVD link : CVE-2015-6411

Mitre link : CVE-2015-6411

CVE.ORG link : CVE-2015-6411

JSON object : View

Products Affected

cisco

firepower_management_center

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2015-6411", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-12-15T05:59:06.857", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-fmc", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/78740", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061."}, {"lang": "es", "value": "Cisco FirePOWER Management Center 5.4.1.3, 6.0.0 y 6.0.1 proporciona respuestas detalladas a las solicitudes de los archivos de ayuda, lo que permite a atacantes remotos obtener informaci\u00f3n de la versi\u00f3n potencialmente sensible mediante la lectura de un campo no especificado, tambi\u00e9n conocido como Bug ID CSCux37061."}], "lastModified": "2016-11-28T19:39:09.377", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:firepower_management_center:5.4.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AB2B7A7-DDE5-4544-9488-345E03B0F49D"}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6FFC36B-7EC9-48C2-87B0-E267EBF04779"}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5C15D62-A995-4AEC-BB9C-6CFE3104902D"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}