| Vulnerability Name: | CVE-2015-0739 (CCN-103220) | ||||||||
| Assigned: | 2015-05-18 | ||||||||
| Published: | 2015-05-18 | ||||||||
| Updated: | 2017-01-06 | ||||||||
| Summary: | The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938. | ||||||||
| CVSS v3 Severity: | 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N) 3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-20 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-0739 Source: CCN Type: Cisco Vulnerability Alert 38905 Cisco Sourcefire 3D System Lights-Out Management Arbitrary File Upload Vulnerability Source: CISCO Type: Vendor Advisory 20150518 Cisco Sourcefire 3D System Lights-Out Management Arbitrary File Upload Vulnerability Source: BID Type: Third Party Advisory, VDB Entry 74709 Source: CCN Type: BID-74709 Cisco Sourcefire 3D System Lights-Out Management CVE-2015-0739 Arbitrary File Upload Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry 1032359 Source: XF Type: UNKNOWN cisco-sourcefire-cve20150739-file-upload(103220) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||