CVE-2015-4308

The webGUI configuration-export feature in Cisco Edge Bluebird Operating System 1.2 on Edge 340 devices allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuu43968.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:C/I:N/A:N

Exploitability : 8.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://tools.cisco.com/security/center/viewAlert.x?alertId=40434	Vendor Advisory
http://www.securityfocus.com/bid/76349	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033280	Third Party Advisory VDB Entry
http://tools.cisco.com/security/center/viewAlert.x?alertId=40434	Vendor Advisory
http://www.securityfocus.com/bid/76349	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033280	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:o:cisco:edge_bluebird_operating_system:1.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-08-19 15:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-4308

Mitre link : CVE-2015-4308

CVE.ORG link : CVE-2015-4308

JSON object : View

Products Affected

cisco

edge_bluebird_operating_system

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2015-4308", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-08-19T15:59:04.913", "references": [{"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40434", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}, {"url": "http://www.securityfocus.com/bid/76349", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@cisco.com"}, {"url": "http://www.securitytracker.com/id/1033280", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@cisco.com"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40434", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/76349", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1033280", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The webGUI configuration-export feature in Cisco Edge Bluebird Operating System 1.2 on Edge 340 devices allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuu43968."}, {"lang": "es", "value": "Vulnerabilidad en el componente de exportaci\u00f3n de la configuraci\u00f3n webGUI en Cisco Edge Bluebird Operating System 1.2 en dispositivos Edge 340, permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados, tambi\u00e9n conocida como Bug ID CSCuu43968."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:edge_bluebird_operating_system:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDEC47BA-176F-4B92-BD35-0BCC4D29A013"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@cisco.com"}