Lucene search

CiscoCVE-2015-6389

HistoryDec 13, 2015 - 3:59 a.m.

CVE-2015-6389

2015-12-1303:59:01

CWE-287

cisco

web.nvd.nist.gov

cisco

prime

collaboration

assurance

11.0

hardcoded account

vulnerability

ssh

remote access

nvd

cve-2015-6389

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:P/A:C

AI Score

6.8

Confidence

Low

EPSS

0.006

Percentile

77.7%

JSON

Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account’s password, aka Bug ID CSCus62707.

Affected configurations

Nvd

Node

ciscoprime_collaboration_assuranceMatch10.5.1

ciscoprime_collaboration_assuranceMatch10.6.0

VendorProductVersionCPE
ciscoprime_collaboration_assurance10.5.1cpe:2.3:a:cisco:prime_collaboration_assurance:10.5.1:*:*:*:*:*:*:*
ciscoprime_collaboration_assurance10.6.0cpe:2.3:a:cisco:prime_collaboration_assurance:10.6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	prime_collaboration_assurance	10.5.1	cpe:2.3:a:cisco:prime_collaboration_assurance:10.5.1:::::::*
cisco	prime_collaboration_assurance	10.6.0	cpe:2.3:a:cisco:prime_collaboration_assurance:10.6.0:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-pca

www.securityfocus.com/bid/78738

www.securitytracker.com/id/1034361

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:P/A:C

AI Score

6.8

Confidence

Low

EPSS

0.006

Percentile

77.7%

JSON

Related for CVE-2015-6389