CVE-2015-4263
published 2015-07-10CVE-2015-4263: The Control and Provisioning functionality in Cisco Mobility Services Engine (MSE) 10.0(0.1) allows remote authenticated users to obtain sensitive information…
PriorityP416medium4CVSS 2.0
AVNACLAuSCPINAN
EPSS
1.50%
71.1th percentile
The Control and Provisioning functionality in Cisco Mobility Services Engine (MSE) 10.0(0.1) allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCut36851.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | mobility_services_engine | — | — |
CVSS provenance
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
vendor_cisco4.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-33jh-9x8q-p7j7: The Control and Provisioning functionality in Cisco Mobility Services Engine (MSE) 10
ghsa_unreviewed·2022-05-17
CVE-2015-4263 [MEDIUM] CWE-200 GHSA-33jh-9x8q-p7j7: The Control and Provisioning functionality in Cisco Mobility Services Engine (MSE) 10
The Control and Provisioning functionality in Cisco Mobility Services Engine (MSE) 10.0(0.1) allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCut36851.
Cisco
Cisco Mobility Services Engine Control And Provisioning Information Disclosure Vulnerability
vendor_cisco·2015-07-10·CVSS 4.0
CVE-2015-4263 [MEDIUM] CWE-200 Cisco Mobility Services Engine Control And Provisioning Information Disclosure Vulnerability
Cisco Mobility Services Engine Control And Provisioning Information Disclosure Vulnerability
A vulnerability in the Control And Provisioning of the Cisco Mobility Services Engine (MSE) could allow an authenticated, remote attacker to have read access to sensitive information stored on an affected system.
The vulnerability is due to the inclusion of sensitive information in certain log files. An attacker could exploit this by viewing the sensitive information stored in the vulnerable log files.
Cisco has confirmed the vulnerability; however, software updates are not available.
To exploit this vulnerability, an attacker must authenticate to the targeted device. This access requirement decreases the likelihood of a successful exploit.
Cisco indicates through the CVSS score that function
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2015-07-10
Published