CVE-2015-4262
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839.
Vulnerabilidad en la funcionalidad password-change en Cisco Unified MeetingPlace Web Conferencing en versiones anteriores a la 8.5(5) MR3 y 8.6 anteriores a la 8.6(2), no comprueba el ID de sesión o exige el ingreso de la contraseña actual, lo cual permite a atacantes remotos reiniciar arbitrariamente las contraseñas a través de una petición HTTP manipulada, también conocido como Bug ID CSCuu51839.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-06-04 CVE Reserved
- 2015-07-24 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-255: Credentials Management Errors
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1033024 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-mp | 2017-09-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Unified Meetingplace Web Conferencing Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" | 6.0.417.0 Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" and version "6.0.417.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Meetingplace Web Conferencing Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" | 6.0_base Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" and version "6.0_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Meetingplace Web Conferencing Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" | 7.0\(1\) Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" and version "7.0\(1\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Meetingplace Web Conferencing Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" | 7.0\(2\) Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" and version "7.0\(2\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Meetingplace Web Conferencing Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" | 7.0\(2\)_sr1 Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" and version "7.0\(2\)_sr1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Meetingplace Web Conferencing Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" | 7.0\(3\) Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" and version "7.0\(3\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Meetingplace Web Conferencing Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" | 7.1\(1\) Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" and version "7.1\(1\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Meetingplace Web Conferencing Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" | 7.1\(2\) Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" and version "7.1\(2\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Meetingplace Web Conferencing Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" | 8.0\(1\) Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" and version "8.0\(1\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Meetingplace Web Conferencing Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" | 8.0\(1\)_sr1 Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" and version "8.0\(1\)_sr1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Meetingplace Web Conferencing Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" | 8.0\(2\) Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" and version "8.0\(2\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Meetingplace Web Conferencing Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" | 8.5\(1\) Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" and version "8.5\(1\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Meetingplace Web Conferencing Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" | 8.5\(2\) Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" and version "8.5\(2\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Meetingplace Web Conferencing Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" | 8.5\(2\)_sr1 Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" and version "8.5\(2\)_sr1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Meetingplace Web Conferencing Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" | 8.5\(2\)_sr2 Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" and version "8.5\(2\)_sr2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Meetingplace Web Conferencing Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" | 8.5\(3\) Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" and version "8.5\(3\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Meetingplace Web Conferencing Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" | 8.5\(4\) Search vendor "Cisco" for product "Unified Meetingplace Web Conferencing" and version "8.5\(4\)" | - |
Affected
| ||||||