Details of VAR-201307-0202

ID

VAR-201307-0202

CVE

CVE-2013-3416

TITLE

Cisco Unified Operations Manager and Unified Service Monitor Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-003328

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997. Vendors have confirmed this vulnerability Bug ID CSCuh47574 and CSCuh95997 It is released as.By any third party through unspecified parameters Web Script or HTML May be inserted. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco bug IDs CSCuh47574 and CSCuh95997

Trust: 1.98

sources: NVD: CVE-2013-3416 // JVNDB: JVNDB-2013-003328 // BID: 61071 // VULHUB: VHN-63418

AFFECTED PRODUCTS

vendor:	cisco	model:	unified service monitor	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	unified operations manager	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	unified operations manager	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified service monitor	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified service monitor	scope:	eq	version:	8.5	Trust: 0.3
vendor:	cisco	model:	unified service monitor	scope:	eq	version:	8.0	Trust: 0.3
vendor:	cisco	model:	unified operations manager	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	unified operations manager	scope:	eq	version:	8.5	Trust: 0.3
vendor:	cisco	model:	unified operations manager	scope:	eq	version:	8.0	Trust: 0.3

sources: BID: 61071 // JVNDB: JVNDB-2013-003328 // CNNVD: CNNVD-201307-215 // NVD: CVE-2013-3416

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3416
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-3416
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201307-215
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-63418
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-3416
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-63418
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63418 // JVNDB: JVNDB-2013-003328 // CNNVD: CNNVD-201307-215 // NVD: CVE-2013-3416

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-63418 // JVNDB: JVNDB-2013-003328 // NVD: CVE-2013-3416

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-215

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201307-215

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003328

PATCH

title:	Cisco Unified Communications Management Products Cross-Site Scripting Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3416	Trust: 0.8
title:	30008	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30008	Trust: 0.8

sources: JVNDB: JVNDB-2013-003328

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3416	Trust: 2.8
db:	SECTRACK	id:	1028766	Trust: 1.1
db:	SECTRACK	id:	1028765	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-003328	Trust: 0.8
db:	CNNVD	id:	CNNVD-201307-215	Trust: 0.7
db:	CISCO	id:	20130709 CISCO UNIFIED COMMUNICATIONS MANAGEMENT PRODUCTS CROSS-SITE SCRIPTING VULNERABILITY	Trust: 0.6
db:	BID	id:	61071	Trust: 0.4
db:	VULHUB	id:	VHN-63418	Trust: 0.1

sources: VULHUB: VHN-63418 // BID: 61071 // JVNDB: JVNDB-2013-003328 // CNNVD: CNNVD-201307-215 // NVD: CVE-2013-3416

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3416	Trust: 1.7
url:	http://www.securitytracker.com/id/1028765	Trust: 1.1
url:	http://www.securitytracker.com/id/1028766	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3416	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3416	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-63418 // BID: 61071 // JVNDB: JVNDB-2013-003328 // CNNVD: CNNVD-201307-215 // NVD: CVE-2013-3416

CREDITS

Cisco

Trust: 0.3

sources: BID: 61071

SOURCES

db:	VULHUB	id:	VHN-63418
db:	BID	id:	61071
db:	JVNDB	id:	JVNDB-2013-003328
db:	CNNVD	id:	CNNVD-201307-215
db:	NVD	id:	CVE-2013-3416

LAST UPDATE DATE

2024-08-14T15:35:13.362000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63418	date:	2013-08-20T00:00:00
db:	BID	id:	61071	date:	2013-07-10T00:00:00
db:	JVNDB	id:	JVNDB-2013-003328	date:	2013-07-12T00:00:00
db:	CNNVD	id:	CNNVD-201307-215	date:	2013-07-18T00:00:00
db:	NVD	id:	CVE-2013-3416	date:	2013-08-20T03:23:33.263

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63418	date:	2013-07-10T00:00:00
db:	BID	id:	61071	date:	2013-07-10T00:00:00
db:	JVNDB	id:	JVNDB-2013-003328	date:	2013-07-12T00:00:00
db:	CNNVD	id:	CNNVD-201307-215	date:	2013-07-18T00:00:00
db:	NVD	id:	CVE-2013-3416	date:	2013-07-10T21:55:00.947