Sign-up

ID

VAR-201311-0073


CVE

CVE-2013-3394


TITLE

Cisco Prime Network Registrar of Web Interface cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-005311

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the web interface in Cisco Prime Network Registrar 8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted field, aka Bug ID CSCuh41429. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuh41429. The product provides services such as Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS) and IP Address Management (IPAM)

Trust: 1.98

sources: NVD: CVE-2013-3394 // JVNDB: JVNDB-2013-005311 // BID: 63942 // VULHUB: VHN-63396

AFFECTED PRODUCTS

vendor:ciscomodel:prime network registrarscope:lteversion:8.1

Trust: 1.8

vendor:ciscomodel:prime network registrarscope:eqversion:8.0

Trust: 1.6

vendor:ciscomodel:prime network registrarscope:eqversion:8.1

Trust: 0.6

sources: JVNDB: JVNDB-2013-005311 // CNNVD: CNNVD-201311-419 // NVD: CVE-2013-3394

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3394
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3394
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201311-419
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63396
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3394
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63396
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63396 // JVNDB: JVNDB-2013-005311 // CNNVD: CNNVD-201311-419 // NVD: CVE-2013-3394

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-63396 // JVNDB: JVNDB-2013-005311 // NVD: CVE-2013-3394

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-419

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201311-419

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005311

PATCH
title:Cisco Prime Network Registrar Cross-Site Scripting Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3394
Trust: 0.8
title:31921url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31921
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-005311

EXTERNAL IDS
db:NVDid:CVE-2013-3394
Trust: 2.8
db:JVNDBid:JVNDB-2013-005311
Trust: 0.8
db:CNNVDid:CNNVD-201311-419
Trust: 0.7
db:CISCOid:20131126 CISCO PRIME NETWORK REGISTRAR CROSS-SITE SCRIPTING VULNERABILITY
Trust: 0.6
db:BIDid:63942
Trust: 0.4
db:VULHUBid:VHN-63396
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63396 // 
            
            
            
            BID: 63942 // 
            
            
            
            JVNDB: JVNDB-2013-005311 // 
            
            
            
            CNNVD: CNNVD-201311-419 // 
            
            
            
            NVD: CVE-2013-3394

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3394
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=31921
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3394
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3394
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-63396 // 
            
            
            
            BID: 63942 // 
            
            
            
            JVNDB: JVNDB-2013-005311 // 
            
            
            
            CNNVD: CNNVD-201311-419 // 
            
            
            
            NVD: CVE-2013-3394

CREDITS
Marcos M. Garcia (@artsweb)
Trust: 0.3
sources:
            
            
            BID: 63942

SOURCES
db:VULHUBid:VHN-63396
db:BIDid:63942
db:JVNDBid:JVNDB-2013-005311
db:CNNVDid:CNNVD-201311-419
db:NVDid:CVE-2013-3394

LAST UPDATE DATE
2024-08-14T15:30:17.861000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63396date:2013-11-27T00:00:00
db:BIDid:63942date:2013-12-10T00:27:00
db:JVNDBid:JVNDB-2013-005311date:2013-11-28T00:00:00
db:CNNVDid:CNNVD-201311-419date:2013-11-29T00:00:00
db:NVDid:CVE-2013-3394date:2013-11-27T15:21:52.307

SOURCES RELEASE DATE
db:VULHUBid:VHN-63396date:2013-11-27T00:00:00
db:BIDid:63942date:2013-11-26T00:00:00
db:JVNDBid:JVNDB-2013-005311date:2013-11-28T00:00:00
db:CNNVDid:CNNVD-201311-419date:2013-11-29T00:00:00
db:NVDid:CVE-2013-3394date:2013-11-27T04:43:33.060