Vulnerability Description
Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Videoscape Distribution Suite Service Manager | 3.0.0 |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
- http://www.securityfocus.com/bid/78871
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
- http://www.securityfocus.com/bid/78871
FAQ
What is CVE-2015-6417?
CVE-2015-6417 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to databas...
How severe is CVE-2015-6417?
CVE-2015-6417 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-6417?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Videoscape Distribution Suite Service Manager.