Vulnerability-Lookup

CVE-2015-6423 (GCVE-0-2015-6423)

Vulnerability from cvelistv5 – Published: 2016-01-15 02:00 – Updated: 2024-08-06 07:22

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

CNVD-2016-00376

Vulnerability from cnvd - Published: 2016-01-20

Title

Cisco Adaptive Security Appliance Software安全绕过漏洞

Description

Cisco Adaptive Security Appliances是美国思科公司的一套防火墙设备。该设备还包括IPS、SSL VPN、IPSec VPN、反垃圾邮件等功能。 Cisco Adaptive Security Appliance Software存在安全绕过漏洞，允许远程攻击者可利用该漏洞绕过安全限制，执行未授权操作。

Severity

低

Patch Name

Cisco Adaptive Security Appliance Software安全绕过漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： http://www.cisco.com/

Reference

http://www.securityfocus.com/bid/80249

Impacted products

Name
Cisco Adaptive Security Appliance Software 9.4.1-9.5.1

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "80249"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-6423"
    }
  },
  "description": "Cisco Adaptive Security Appliances\u662f\u7f8e\u56fd\u601d\u79d1\u516c\u53f8\u7684\u4e00\u5957\u9632\u706b\u5899\u8bbe\u5907\u3002\u8be5\u8bbe\u5907\u8fd8\u5305\u62ecIPS\u3001SSL VPN\u3001IPSec VPN\u3001\u53cd\u5783\u573e\u90ae\u4ef6\u7b49\u529f\u80fd\u3002\r\n\r\nCisco Adaptive Security Appliance Software\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.cisco.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-00376",
  "openTime": "2016-01-20",
  "patchDescription": "Cisco Adaptive Security Appliances\u662f\u7f8e\u56fd\u601d\u79d1\u516c\u53f8\u7684\u4e00\u5957\u9632\u706b\u5899\u8bbe\u5907\u3002\u8be5\u8bbe\u5907\u8fd8\u5305\u62ecIPS\u3001SSL VPN\u3001IPSec VPN\u3001\u53cd\u5783\u573e\u90ae\u4ef6\u7b49\u529f\u80fd\u3002\r\n\r\nCisco Adaptive Security Appliance Software\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Adaptive Security Appliance Software\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Adaptive Security Appliance Software 9.4.1-9.5.1"
  },
  "referenceLink": "http://www.securityfocus.com/bid/80249",
  "serverity": "\u4f4e",
  "submitTime": "2016-01-16",
  "title": "Cisco Adaptive Security Appliance Software\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

VAR-201601-0490

Vulnerability from variot - Updated: 2025-04-13 23:27

The DCERPC Inspection implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 through 9.5.1 allows remote authenticated users to bypass an intended DCERPC-only ACL by sending arbitrary network traffic, aka Bug ID CSCuu67782. CiscoAdaptiveSecurityAppliances is a set of firewall devices from Cisco Systems, USA. The device also includes IPS, SSLVPN, IPSecVPN, anti-spam and other functions. CiscoAdaptiveSecurityApplianceSoftware has a security bypass vulnerability that allows a remote attacker to exploit the vulnerability to bypass security restrictions and perform unauthorized operations. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCuu67782

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201601-0490",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.4.1.1"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.5.1"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.4.1.3"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.4.1.5"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.4.1"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.4.2"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.4.1.2"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "9.4.1 to  9.5.1"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "9.4.1-9.5.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00376"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006811"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-277"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6423"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:adaptive_security_appliance_software",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006811"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "80249"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-277"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-6423",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "CVE-2015-6423",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "CNVD-2016-00376",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "VHN-84384",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2015-6423",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-6423",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-6423",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-00376",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201601-277",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-84384",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00376"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84384"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006811"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-277"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6423"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The DCERPC Inspection implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 through 9.5.1 allows remote authenticated users to bypass an intended DCERPC-only ACL by sending arbitrary network traffic, aka Bug ID CSCuu67782. CiscoAdaptiveSecurityAppliances is a set of firewall devices from Cisco Systems, USA. The device also includes IPS, SSLVPN, IPSecVPN, anti-spam and other functions. CiscoAdaptiveSecurityApplianceSoftware has a security bypass vulnerability that allows a remote attacker to exploit the vulnerability to bypass security restrictions and perform unauthorized operations. This may aid in further attacks. \nThis issue is tracked by Cisco Bug ID CSCuu67782",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6423"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006811"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00376"
      },
      {
        "db": "BID",
        "id": "80249"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84384"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-6423",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "80249",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1034644",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006811",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-277",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00376",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-84384",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00376"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84384"
      },
      {
        "db": "BID",
        "id": "80249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006811"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-277"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6423"
      }
    ]
  },
  "id": "VAR-201601-0490",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00376"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84384"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00376"
      }
    ]
  },
  "last_update_date": "2025-04-13T23:27:26.740000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160111-asa",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160111-asa"
      },
      {
        "title": "CiscoAdaptiveSecurityApplianceSoftware Security Bypass Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/70254"
      },
      {
        "title": "Cisco Adaptive Security Appliance Software Fixes for permission permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59613"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00376"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006811"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-277"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84384"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006811"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6423"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160111-asa"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/80249"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1034644"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6423"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6423"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00376"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84384"
      },
      {
        "db": "BID",
        "id": "80249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006811"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-277"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6423"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00376"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84384"
      },
      {
        "db": "BID",
        "id": "80249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006811"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-277"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6423"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-01-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-00376"
      },
      {
        "date": "2016-01-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84384"
      },
      {
        "date": "2016-01-11T00:00:00",
        "db": "BID",
        "id": "80249"
      },
      {
        "date": "2016-01-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006811"
      },
      {
        "date": "2016-01-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201601-277"
      },
      {
        "date": "2016-01-15T03:59:08.997000",
        "db": "NVD",
        "id": "CVE-2015-6423"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-01-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-00376"
      },
      {
        "date": "2016-12-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84384"
      },
      {
        "date": "2016-02-11T07:36:00",
        "db": "BID",
        "id": "80249"
      },
      {
        "date": "2016-01-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006811"
      },
      {
        "date": "2016-01-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201601-277"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2015-6423"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-277"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Adaptive Security Appliance Software  DCERPC Inspection In the implementation of  DCERP Only allow  ACL Vulnerability to avoid",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006811"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-277"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2016-AVI-008

Vulnerability from certfr_avis - Published: 2016-01-11 - Updated: 2016-01-11

Une vulnérabilité a été corrigée dans Cisco Adaptive Security Appliance. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco ASA versions 9.4.1 à 9.5.1

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

GHSA-6R8J-2G36-V475

Vulnerability from github – Published: 2022-05-17 03:26 – Updated: 2022-05-17 03:26

Details

Severity ?

4.3 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-6423"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-01-15T03:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The DCERPC Inspection implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 through 9.5.1 allows remote authenticated users to bypass an intended DCERPC-only ACL by sending arbitrary network traffic, aka Bug ID CSCuu67782.",
  "id": "GHSA-6r8j-2g36-v475",
  "modified": "2022-05-17T03:26:33Z",
  "published": "2022-05-17T03:26:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6423"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160111-asa"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034644"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2015-6423

Vulnerability from fkie_nvd - Published: 2016-01-15 03:59 - Updated: 2025-04-12 10:46

Severity ?

4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160111-asa	Vendor Advisory
psirt@cisco.com	http://www.securitytracker.com/id/1034644
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160111-asa	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034644

Impacted products

Vendor	Product	Version
cisco	adaptive_security_appliance_software	9.4.1
cisco	adaptive_security_appliance_software	9.4.1.1
cisco	adaptive_security_appliance_software	9.4.1.2
cisco	adaptive_security_appliance_software	9.4.1.3
cisco	adaptive_security_appliance_software	9.4.1.5
cisco	adaptive_security_appliance_software	9.4.2
cisco	adaptive_security_appliance_software	9.5.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8870EB6E-DAE9-45F9-BBA5-2D20E5E00F83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B313B0E-4200-427F-A156-1EDA681F439D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C49821-3BA5-4B44-84F5-113024FD030F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2011F264-53A5-4507-843B-46F66D285ADB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "290AA0BD-EDB0-4BA4-BF85-9CF29A1B7908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FB7BAF-7B3E-4091-A90B-FB19B38FFE74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E29F95F5-6957-46F0-A0A2-CCACBBA14F90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The DCERPC Inspection implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 through 9.5.1 allows remote authenticated users to bypass an intended DCERPC-only ACL by sending arbitrary network traffic, aka Bug ID CSCuu67782."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n DCERPC Inspection en Cisco Adaptive Security Appliance (ASA) Software 9.4.1 hasta la versi\u00f3n 9.5.1 permite a usuarios remotos autenticados eludir una ACL destinada a DCERPC-only mediante el env\u00edo de tr\u00e1fico de red arbitrario, tambi\u00e9n conocido como Bug ID CSCuu67782."
    }
  ],
  "id": "CVE-2015-6423",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-15T03:59:08.997",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160111-asa"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1034644"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160111-asa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034644"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2015-6423

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-6423

Aliases

CVE-2015-6423

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-6423",
    "description": "The DCERPC Inspection implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 through 9.5.1 allows remote authenticated users to bypass an intended DCERPC-only ACL by sending arbitrary network traffic, aka Bug ID CSCuu67782.",
    "id": "GSD-2015-6423"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-6423"
      ],
      "details": "The DCERPC Inspection implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 through 9.5.1 allows remote authenticated users to bypass an intended DCERPC-only ACL by sending arbitrary network traffic, aka Bug ID CSCuu67782.",
      "id": "GSD-2015-6423",
      "modified": "2023-12-13T01:20:04.354250Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2015-6423",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The DCERPC Inspection implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 through 9.5.1 allows remote authenticated users to bypass an intended DCERPC-only ACL by sending arbitrary network traffic, aka Bug ID CSCuu67782."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20160111 Cisco Adaptive Security Appliance Non-DCERPC Traffic Bypass Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160111-asa"
          },
          {
            "name": "1034644",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1034644"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-6423"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The DCERPC Inspection implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 through 9.5.1 allows remote authenticated users to bypass an intended DCERPC-only ACL by sending arbitrary network traffic, aka Bug ID CSCuu67782."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160111 Cisco Adaptive Security Appliance Non-DCERPC Traffic Bypass Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160111-asa"
            },
            {
              "name": "1034644",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1034644"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW"
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2023-08-11T18:54Z",
      "publishedDate": "2016-01-15T03:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-6423 (GCVE-0-2015-6423)

CNVD-2016-00376

VAR-201601-0490

CERTFR-2016-AVI-008

Solution

GHSA-6R8J-2G36-V475

FKIE_CVE-2015-6423

GSD-2015-6423

Tags

Sightings

Nomenclature