| Vulnerability Name: | CVE-2015-4242 (CCN-104427) | ||||||||
| Assigned: | 2015-07-07 | ||||||||
| Published: | 2015-07-07 | ||||||||
| Updated: | 2016-12-29 | ||||||||
| Summary: | Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 in FireSIGHT Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu94721. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-352 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-4242 Source: CCN Type: Cisco Vulnerability Alert 39643 Cisco FireSIGHT Management Center Cross-Site Request Forgery Vulnerability Source: CISCO Type: Vendor Advisory 20150707 Cisco FireSIGHT Management Center Cross-Site Request Forgery Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry 1032806 Source: XF Type: UNKNOWN cisco-firesight-cve20154242-csrf(104427) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||