cvelistv5 - cve-2015-4259

CVE-2015-4259 (GCVE-0-2015-4259)

Vulnerability from cvelistv5

Published

2015-07-10 15:00

Modified

2024-08-06 06:11

Severity ?

CWE

Summary

References

URL

Tags

psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=39803	Vendor Advisory
psirt@cisco.com	http://www.securitytracker.com/id/1032872	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=39803	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032872	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:11:12.382Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1032872",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032872"
          },
          {
            "name": "20150709 Cisco Unified Computing System C-Series Servers Man-in-the-Middle Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39803"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug IDs CSCum56133 and CSCum56177."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-23T18:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1032872",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032872"
        },
        {
          "name": "20150709 Cisco Unified Computing System C-Series Servers Man-in-the-Middle Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39803"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-4259",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug IDs CSCum56133 and CSCum56177."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032872",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032872"
            },
            {
              "name": "20150709 Cisco Unified Computing System C-Series Servers Man-in-the-Middle Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39803"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-4259",
    "datePublished": "2015-07-10T15:00:00",
    "dateReserved": "2015-06-04T00:00:00",
    "dateUpdated": "2024-08-06T06:11:12.382Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-4259\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2015-07-10T15:59:03.277\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug IDs CSCum56133 and CSCum56177.\"},{\"lang\":\"es\",\"value\":\"El Controlador Integrado de Gesti\u00f3n en Cisco Unified Computing System (UCS) C Servers con la versi\u00f3n de software 1.5 (3) y 1.6 (0.16) posee un certificado SSL por defecto que facilita al atacante que use man-in-the-middle eludir los mecanismos de protecci\u00f3n de cifrado mediante la obtenci\u00f3n de la clave privada. Tambi\u00e9n conocido como Bug ID de CSCum56133 y CSCum56177.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_computing_system:1.5\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96382BFD-F32C-4308-8761-8B103501908B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_computing_system:1.6\\\\(0.16\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82111421-6A5E-4AAC-9B73-611E82AA1BD4\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=39803\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1032872\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=39803\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1032872\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

fkie_cve-2015-4259

Vulnerability from fkie_nvd

Published

2015-07-10 15:59

Modified

2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=39803	Vendor Advisory
psirt@cisco.com	http://www.securitytracker.com/id/1032872	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=39803	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032872	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	cisco	unified_computing_system	1.5\(3\)
	cisco	unified_computing_system	1.6\(0.16\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_computing_system:1.5\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "96382BFD-F32C-4308-8761-8B103501908B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_computing_system:1.6\\(0.16\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "82111421-6A5E-4AAC-9B73-611E82AA1BD4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug IDs CSCum56133 and CSCum56177."
    },
    {
      "lang": "es",
      "value": "El Controlador Integrado de Gesti\u00f3n en Cisco Unified Computing System (UCS) C Servers con la versi\u00f3n de software 1.5 (3) y 1.6 (0.16) posee un certificado SSL por defecto que facilita al atacante que use man-in-the-middle eludir los mecanismos de protecci\u00f3n de cifrado mediante la obtenci\u00f3n de la clave privada. Tambi\u00e9n conocido como Bug ID de CSCum56133 y CSCum56177."
    }
  ],
  "id": "CVE-2015-4259",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-07-10T15:59:03.277",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39803"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032872"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39803"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032872"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug IDs CSCum56133 and CSCum56177. Vendors have confirmed this vulnerability Bug ID CSCum56133 and CSCum56177 It is released as.Man-in-the-middle attacks (man-in-the-middle attack) By using the private key information, the encryption protection mechanism may be bypassed. Cisco Unified Computing System C-Series is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. This issue is being tracked by Cisco Bug IDs CSCum56133 and CSCum56177. Integrated Management Controller (IMC) is a set of management tools used in it, which supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0544",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified computing system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.6\\(0.16\\)"
      },
      {
        "model": "unified computing system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.5\\(3\\)"
      },
      {
        "model": "unified computing system software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "1.5(3)"
      },
      {
        "model": "unified computing system software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "1.6(0.16)"
      },
      {
        "model": "unified computing system",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "1.6(0.16)"
      },
      {
        "model": "unified computing system",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "1.5(3)"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75688"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003554"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-335"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4259"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:unified_computing_system_software",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003554"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "75688"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-4259",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2015-4259",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-82220",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-4259",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-4259",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201507-335",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-82220",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82220"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003554"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-335"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4259"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug IDs CSCum56133 and CSCum56177. Vendors have confirmed this vulnerability Bug ID CSCum56133 and CSCum56177 It is released as.Man-in-the-middle attacks (man-in-the-middle attack) By using the private key information, the encryption protection mechanism may be bypassed. Cisco Unified Computing System C-Series is prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue may allow attackers to perform  unauthorized actions by conducting a man-in-the-middle attack. This may   lead to other attacks. \nThis issue is being tracked by Cisco Bug IDs CSCum56133 and  CSCum56177. Integrated Management Controller (IMC) is a set of management tools used in it, which supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4259"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003554"
      },
      {
        "db": "BID",
        "id": "75688"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82220"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-4259",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1032872",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003554",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-335",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "75688",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-82220",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82220"
      },
      {
        "db": "BID",
        "id": "75688"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003554"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-335"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4259"
      }
    ]
  },
  "id": "VAR-201507-0544",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82220"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:38:47.763000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "39803",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39803"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003554"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82220"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003554"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4259"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39803"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032872"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4259"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4259"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82220"
      },
      {
        "db": "BID",
        "id": "75688"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003554"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-335"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4259"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-82220"
      },
      {
        "db": "BID",
        "id": "75688"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003554"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-335"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4259"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-07-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82220"
      },
      {
        "date": "2015-07-09T00:00:00",
        "db": "BID",
        "id": "75688"
      },
      {
        "date": "2015-07-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003554"
      },
      {
        "date": "2015-07-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-335"
      },
      {
        "date": "2015-07-10T15:59:03.277000",
        "db": "NVD",
        "id": "CVE-2015-4259"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82220"
      },
      {
        "date": "2015-07-09T00:00:00",
        "db": "BID",
        "id": "75688"
      },
      {
        "date": "2015-07-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003554"
      },
      {
        "date": "2015-07-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-335"
      },
      {
        "date": "2024-11-21T02:30:43.450000",
        "db": "NVD",
        "id": "CVE-2015-4259"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-335"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified Computing System C-Series Runs on server software  Integrated Management Controller Vulnerabilities that bypass cryptographic protection mechanisms",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003554"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-335"
      }
    ],
    "trust": 0.6
  }
}

ghsa-cq2w-9r84-5hfm

Vulnerability from github

Published

2022-05-17 03:14

Modified

2022-05-17 03:14

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-4259"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-07-10T15:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug IDs CSCum56133 and CSCum56177.",
  "id": "GHSA-cq2w-9r84-5hfm",
  "modified": "2022-05-17T03:14:12Z",
  "published": "2022-05-17T03:14:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4259"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39803"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032872"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2015-4259

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2015-4259

Aliases

CVE-2015-4259

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-4259",
    "description": "The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug IDs CSCum56133 and CSCum56177.",
    "id": "GSD-2015-4259"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-4259"
      ],
      "details": "The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug IDs CSCum56133 and CSCum56177.",
      "id": "GSD-2015-4259",
      "modified": "2023-12-13T01:19:59.055329Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2015-4259",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug IDs CSCum56133 and CSCum56177."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1032872",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032872"
          },
          {
            "name": "20150709 Cisco Unified Computing System C-Series Servers Man-in-the-Middle Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39803"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system:1.5\\(3\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system:1.6\\(0.16\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-4259"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug IDs CSCum56133 and CSCum56177."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150709 Cisco Unified Computing System C-Series Servers Man-in-the-Middle Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39803"
            },
            {
              "name": "1032872",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1032872"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-12-28T16:53Z",
      "publishedDate": "2015-07-10T15:59Z"
    }
  }
}

cnvd-2015-04471

Vulnerability from cnvd

Title

Cisco Unified Computing System C Integrated Management Controller安全绕过漏洞

Description

Cisco Unified Computing System（UCS）C server是美国思科（Cisco）公司的统一计算系统（UCS）C系列服务器。Integrated Management Controller（IMC）是用于其中的一套管理工具，它支持HTTP、SSH访问等，并可对服务器进行开机、关机和重启等操作。 Cisco Unified Computing System C Integrated Management Controller存在安全绕过漏洞，该漏洞源于程序使用默认的SSL证书。攻击者可借助已知的私钥利用该漏洞实施中间人攻击，绕过加密保护机制。

Severity

中

Formal description

目前没有详细的解决方案提供： http://www.cisco.com/

Reference

http://tools.cisco.com/security/center/viewAlert.x?alertId=39803

Impacted products

Name
['Cisco Unified Computing System (UCS) 1.5(3)', 'Cisco Unified Computing System (UCS) 1.6(0.16)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-4259"
    }
  },
  "description": "Cisco Unified Computing System\uff08UCS\uff09C server\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u7edf\u4e00\u8ba1\u7b97\u7cfb\u7edf\uff08UCS\uff09C\u7cfb\u5217\u670d\u52a1\u5668\u3002Integrated Management Controller\uff08IMC\uff09\u662f\u7528\u4e8e\u5176\u4e2d\u7684\u4e00\u5957\u7ba1\u7406\u5de5\u5177\uff0c\u5b83\u652f\u6301HTTP\u3001SSH\u8bbf\u95ee\u7b49\uff0c\u5e76\u53ef\u5bf9\u670d\u52a1\u5668\u8fdb\u884c\u5f00\u673a\u3001\u5173\u673a\u548c\u91cd\u542f\u7b49\u64cd\u4f5c\u3002\r\n\r\nCisco Unified Computing System C Integrated Management Controller\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4f7f\u7528\u9ed8\u8ba4\u7684SSL\u8bc1\u4e66\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u5df2\u77e5\u7684\u79c1\u94a5\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u7ed5\u8fc7\u52a0\u5bc6\u4fdd\u62a4\u673a\u5236\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://www.cisco.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-04471",
  "openTime": "2015-07-15",
  "products": {
    "product": [
      "Cisco Unified Computing System (UCS) 1.5(3)",
      "Cisco Unified Computing System (UCS) 1.6(0.16)"
    ]
  },
  "referenceLink": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39803",
  "serverity": "\u4e2d",
  "submitTime": "2015-07-14",
  "title": "Cisco Unified Computing System C Integrated Management Controller\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2015-4259 (GCVE-0-2015-4259)

Vulnerability from cvelistv5

fkie_cve-2015-4259

Vulnerability from fkie_nvd

var-201507-0544

Vulnerability from variot

ghsa-cq2w-9r84-5hfm

Vulnerability from github

gsd-2015-4259

Vulnerability from gsd

cnvd-2015-04471

Vulnerability from cnvd

Tags

Sightings

Nomenclature