ID

VAR-201307-0227


CVE

CVE-2013-3440


TITLE

Cisco Unified Operations Manager Management Web Interface cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-003496

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186. The vendor has confirmed this vulnerability and released it as Bug ID CSCud80186. A third party may insert arbitrary web script or HTML and obtain improperly protected cookies. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCud80186. Cisco Unified Operations Manager provides a real-time service status view of the entire Cisco Unified Communications system, showing the current operational status of each component.

Trust: 1.98

sources: NVD: CVE-2013-3440 // JVNDB: JVNDB-2013-003496 // BID: 61414 // VULHUB: VHN-63442

AFFECTED PRODUCTS

vendor: cisco, model: unified operations manager, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: unified operations manager, scope: eq, version: 8.6

Trust: 1.1

sources: BID: 61414 // JVNDB: JVNDB-2013-003496 // CNNVD: CNNVD-201307-490 // NVD: CVE-2013-3440

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3440
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3440
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201307-490
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63442
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3440
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63442
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63442 // JVNDB: JVNDB-2013-003496 // CNNVD: CNNVD-201307-490 // NVD: CVE-2013-3440

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-63442 // JVNDB: JVNDB-2013-003496 // NVD: CVE-2013-3440

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-490

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201307-490

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003496

PATCH

title: Cisco Unified Operations Manager Cross-Site Scripting Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3440

Trust: 0.8

title: 30175, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=30175

Trust: 0.8

sources: JVNDB: JVNDB-2013-003496

EXTERNAL IDS

db: NVD, id: CVE-2013-3440

Trust: 2.8

db: BID, id: 61414

Trust: 1.4

db: OSVDB, id: 95584

Trust: 1.1

db: SECTRACK, id: 1028819

Trust: 1.1

db: JVNDB, id: JVNDB-2013-003496

Trust: 0.8

db: CNNVD, id: CNNVD-201307-490

Trust: 0.7

db: CISCO, id: 20130722 CISCO UNIFIED OPERATIONS MANAGER CROSS-SITE SCRIPTING VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-63442

Trust: 0.1

sources: VULHUB: VHN-63442 // BID: 61414 // JVNDB: JVNDB-2013-003496 // CNNVD: CNNVD-201307-490 // NVD: CVE-2013-3440

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3440

Trust: 2.0

url: http://tools.cisco.com/security/center/viewalert.x?alertid=30175

Trust: 1.4

url: http://www.securityfocus.com/bid/61414

Trust: 1.1

url: http://osvdb.org/95584

Trust: 1.1

url: http://www.securitytracker.com/id/1028819

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3440

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3440

Trust: 0.8

url: http://www.cisco.com/en/us/products/ps6535/index.html

Trust: 0.3

sources: VULHUB: VHN-63442 // BID: 61414 // JVNDB: JVNDB-2013-003496 // CNNVD: CNNVD-201307-490 // NVD: CVE-2013-3440

CREDITS

Cisco

Trust: 0.3

sources: BID: 61414

SOURCES

db: VULHUB, id: VHN-63442
db: BID, id: 61414
db: JVNDB, id: JVNDB-2013-003496
db: CNNVD, id: CNNVD-201307-490
db: NVD, id: CVE-2013-3440

LAST UPDATE DATE

2024-08-14T14:06:45.849000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-63442, date: 2017-11-18T00:00:00
db: BID, id: 61414, date: 2013-07-23T00:00:00
db: JVNDB, id: JVNDB-2013-003496, date: 2013-07-24T00:00:00
db: CNNVD, id: CNNVD-201307-490, date: 2013-07-24T00:00:00
db: NVD, id: CVE-2013-3440, date: 2017-11-18T02:29:00.900

SOURCES RELEASE DATE

db: VULHUB, id: VHN-63442, date: 2013-07-23T00:00:00
db: BID, id: 61414, date: 2013-07-23T00:00:00
db: JVNDB, id: JVNDB-2013-003496, date: 2013-07-24T00:00:00
db: CNNVD, id: CNNVD-201307-490, date: 2013-07-24T00:00:00
db: NVD, id: CVE-2013-3440, date: 2013-07-23T17:20:53.237