Details of VAR-201309-0019

ID

VAR-201309-0019

CVE

CVE-2012-5990

TITLE

Cisco Prime Network Control System (NCS) and Wireless Control System (WCS) vulnerable to cross-site scripting (XSS)

Trust: 0.8

sources: CERT/CC: VU#830316

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Health Monitor Login pages in Cisco Prime Network Control System (NCS) and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud18375. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCud18375. Remote attackers can exploit this vulnerability to inject arbitrary Web scripts or HTML into user pages

Trust: 2.7

sources: NVD: CVE-2012-5990 // CERT/CC: VU#830316 // JVNDB: JVNDB-2013-003956 // BID: 62143 // VULHUB: VHN-59271

AFFECTED PRODUCTS

vendor:	cisco	model:	prime network control system	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	wireless control system	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	wireless control system	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	prime network control system software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	wireless control system	scope:	eq	version:	0	Trust: 0.3

sources: CERT/CC: VU#830316 // BID: 62143 // JVNDB: JVNDB-2013-003956 // CNNVD: CNNVD-201308-561 // NVD: CVE-2012-5990

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2012-5990
value:	MEDIUM
Trust: 1.6
nvd@nist.gov:	CVE-2012-5990
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-201308-561
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-59271
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-5990
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
NVD:	CVE-2012-5990
severity:	MEDIUM
baseScore:	5.8
vectorString:	NONE
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-59271
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#830316 // VULHUB: VHN-59271 // JVNDB: JVNDB-2013-003956 // CNNVD: CNNVD-201308-561 // NVD: CVE-2012-5990

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 2.7

sources: CERT/CC: VU#830316 // VULHUB: VHN-59271 // JVNDB: JVNDB-2013-003956 // NVD: CVE-2012-5990

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-561

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201308-561

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003956

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#830316

PATCH

title:

Cisco Release Note Enclosure (RNE) CSCud1837

url:

https://tools.cisco.com/bugsearch/bug/CSCud18375

Trust: 0.8

sources: JVNDB: JVNDB-2013-003956

EXTERNAL IDS

db:	CERT/CC	id:	VU#830316	Trust: 3.3
db:	NVD	id:	CVE-2012-5990	Trust: 2.8
db:	BID	id:	62143	Trust: 1.0
db:	JVN	id:	JVNVU99198922	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-003956	Trust: 0.8
db:	CNNVD	id:	CNNVD-201308-561	Trust: 0.7
db:	VULHUB	id:	VHN-59271	Trust: 0.1

sources: CERT/CC: VU#830316 // VULHUB: VHN-59271 // BID: 62143 // JVNDB: JVNDB-2013-003956 // CNNVD: CNNVD-201308-561 // NVD: CVE-2012-5990

REFERENCES

url:	http://www.kb.cert.org/vuls/id/830316	Trust: 2.5
url:	https://tools.cisco.com/bugsearch/bug/cscud18375	Trust: 1.6
url:	http://cwe.mitre.org/data/definitions/79.html	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5990	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu99198922/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5990	Trust: 0.8
url:	http://www.securityfocus.com/bid/62143	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CERT/CC: VU#830316 // VULHUB: VHN-59271 // BID: 62143 // JVNDB: JVNDB-2013-003956 // CNNVD: CNNVD-201308-561 // NVD: CVE-2012-5990

CREDITS

Tenable Network Security

Trust: 0.9

sources: BID: 62143 // CNNVD: CNNVD-201308-561

SOURCES

db:	CERT/CC	id:	VU#830316
db:	VULHUB	id:	VHN-59271
db:	BID	id:	62143
db:	JVNDB	id:	JVNDB-2013-003956
db:	CNNVD	id:	CNNVD-201308-561
db:	NVD	id:	CVE-2012-5990

LAST UPDATE DATE

2024-09-09T23:01:00.134000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#830316	date:	2013-09-13T00:00:00
db:	VULHUB	id:	VHN-59271	date:	2013-09-06T00:00:00
db:	BID	id:	62143	date:	2013-09-03T00:00:00
db:	JVNDB	id:	JVNDB-2013-003956	date:	2013-09-05T00:00:00
db:	CNNVD	id:	CNNVD-201308-561	date:	2013-09-09T00:00:00
db:	NVD	id:	CVE-2012-5990	date:	2013-09-06T17:57:57.037

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#830316	date:	2013-09-03T00:00:00
db:	VULHUB	id:	VHN-59271	date:	2013-09-06T00:00:00
db:	BID	id:	62143	date:	2013-09-03T00:00:00
db:	JVNDB	id:	JVNDB-2013-003956	date:	2013-09-05T00:00:00
db:	CNNVD	id:	CNNVD-201308-561	date:	2013-09-05T00:00:00
db:	NVD	id:	CVE-2012-5990	date:	2013-09-06T11:15:35.370