CVE-2015-6419

CVSS V2 Medium 6.8 CVSS V3 None

Description

Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410.

Overview

CVE ID
CVE-2015-6419

Assigner
ykramarz@cisco.com

Vulnerability Status
Modified

Published Version
2015-12-12T16:59:02

Last Modified Date
2016-11-28T19:39:15

Weakness Enumerations

CWE	URL
CWE-200	http://cwe.mitre.org/data/definitions/200.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:cisco:firesight_system_software:4.10.3:::::::*	1	OR
cpe:2.3:a:cisco:firesight_system_software:5.2.0:::::::*	1	OR
cpe:2.3:a:cisco:firesight_system_software:5.3.0:::::::*	1	OR
cpe:2.3:a:cisco:firesight_system_software:5.3.1:::::::*	1	OR
cpe:2.3:a:cisco:firesight_system_software:5.4.0:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:L/Au:S/C:C/I:N/A:N

Access Vector
NETWORK

Access Compatibility
LOW

Authentication
SINGLE

Confidentiality Impact
COMPLETE

Integrity Impact
NONE

Availability Impact
NONE

Base Score
6.8

Severity
MEDIUM

Exploitability Score
8

Impact Score
6.9

References

Reference URL	Reference Tags
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-fmc	Vendor Advisory
http://www.securityfocus.com/bid/79033

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2015-6419
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6419

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 10:05:45				Added to TrackCVE
2022-12-02 07:33:36	psirt@cisco.com	ykramarz@cisco.com	CVE Assigner	updated
2022-12-02 07:33:36	2015-12-12T16:59Z	2015-12-12T16:59:02	CVE Published Date	updated
2022-12-02 07:33:36		2016-11-28T19:39:15	CVE Modified Date	updated
2022-12-02 07:33:36		Modified	Vulnerability Status	updated