CVE-2015-0673

{"id": "CVE-2015-0673", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-03-26T10:59:16.503", "references": [{"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38007", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1031971", "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bug ID CSCut24792."}, {"lang": "es", "value": "Cisco Mobility Services Engine (MSE) 8.0(110.0) permite a usuarios remotos autenticados descubrir las contrase\u00f1as de usuarios arbitrarios mediante (1) la lectura de ficheros de registros o (2) el uso de una caracter\u00edstica de la GUI no especificada, tambi\u00e9n conocido como Bug ID CSCut24792."}], "lastModified": "2015-09-04T18:58:56.387", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:mobility_services_engine:8.0\\(110.0\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EBDC0B5-1FB5-4C5B-97AA-6ADD5D351924"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}