ID

VAR-201501-0215


CVE

CVE-2015-0577


TITLE

Cross-site scripting vulnerability in AsyncOS as used on the Cisco Email Security Appliance and Content Security Management Appliance

Trust: 0.8

sources: JVNDB: JVNDB-2015-001039

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the IronPort Spam Quarantine (ISQ) page in Cisco AsyncOS, as used on the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA), allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCus22925 and CSCup08113. The vendor has confirmed this vulnerability and released it as Bug IDs CSCus22925 and CSCup08113. Any third party may insert web script or HTML through unspecified parameters. Cisco AsyncOS is Cisco's custom operating system for the performance and security of all messaging applications. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug IDs CSCus22925 and CSCup08113. Cisco AsyncOS is an operating system used in these products.

Trust: 2.52

sources: NVD: CVE-2015-0577 // JVNDB: JVNDB-2015-001039 // CNVD: CNVD-2015-00429 // BID: 72056 // VULHUB: VHN-78523

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-00429

AFFECTED PRODUCTS

vendor: cisco, model: asyncos, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: asyncos, scope: -, version: -

Trust: 0.8

vendor: cisco, model: asyncos software, scope: -, version: -

Trust: 0.6

vendor: cisco, model: email security appliance, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: content security management appliance, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2015-00429 // BID: 72056 // JVNDB: JVNDB-2015-001039 // CNNVD: CNNVD-201501-303 // NVD: CVE-2015-0577

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0577
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0577
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-00429
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201501-303
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78523
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0577
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-00429
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-78523
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-00429 // VULHUB: VHN-78523 // JVNDB: JVNDB-2015-001039 // CNNVD: CNNVD-201501-303 // NVD: CVE-2015-0577

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-78523 // JVNDB: JVNDB-2015-001039 // NVD: CVE-2015-0577

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-303

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201501-303

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001039

PATCH

title: Cisco AsyncOS ISQ XSS Vulnerability
url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0577

Trust: 0.8

title: Cisco AsyncOS has multiple patches for cross-site scripting vulnerabilities
url: https://www.cnvd.org.cn/patchInfo/show/54144

Trust: 0.6

sources: CNVD: CNVD-2015-00429 // JVNDB: JVNDB-2015-001039

EXTERNAL IDS

db: NVD, id: CVE-2015-0577

Trust: 3.4

db: BID, id: 72056

Trust: 2.0

db: SECUNIA, id: 62289

Trust: 1.1

db: SECTRACK, id: 1031544

Trust: 1.1

db: JVNDB, id: JVNDB-2015-001039

Trust: 0.8

db: CNNVD, id: CNNVD-201501-303

Trust: 0.7

db: CNVD, id: CNVD-2015-00429

Trust: 0.6

db: VULHUB, id: VHN-78523

Trust: 0.1

sources: CNVD: CNVD-2015-00429 // VULHUB: VHN-78523 // BID: 72056 // JVNDB: JVNDB-2015-001039 // CNNVD: CNNVD-201501-303 // NVD: CVE-2015-0577

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0577

Trust: 2.6

url:http://www.securityfocus.com/bid/72056

Trust: 1.1

url:http://www.securitytracker.com/id/1031544

Trust: 1.1

url:http://secunia.com/advisories/62289

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100556

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0577

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0577

Trust: 0.8

url:http://www.cisco.com/c/en/us/products/security/content-security-management-appliance/index.html

Trust: 0.3

url:http://www.cisco.com/c/en/us/products/security/email-security-appliance/index.html

Trust: 0.3

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2015-00429 // VULHUB: VHN-78523 // BID: 72056 // JVNDB: JVNDB-2015-001039 // CNNVD: CNNVD-201501-303 // NVD: CVE-2015-0577

CREDITS

Cisco

Trust: 0.3

sources: BID: 72056

SOURCES

db: CNVD, id: CNVD-2015-00429
db: VULHUB, id: VHN-78523
db: BID, id: 72056
db: JVNDB, id: JVNDB-2015-001039
db: CNNVD, id: CNNVD-201501-303
db: NVD, id: CVE-2015-0577

LAST UPDATE DATE

2024-11-23T22:49:24.460000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-00429, date: 2015-01-20T00:00:00
db: VULHUB, id: VHN-78523, date: 2017-09-08T00:00:00
db: BID, id: 72056, date: 2015-01-13T00:00:00
db: JVNDB, id: JVNDB-2015-001039, date: 2015-01-19T00:00:00
db: CNNVD, id: CNNVD-201501-303, date: 2015-01-15T00:00:00
db: NVD, id: CVE-2015-0577, date: 2024-11-21T02:23:21.030

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2015-00429, date: 2015-01-20T00:00:00
db: VULHUB, id: VHN-78523, date: 2015-01-14T00:00:00
db: BID, id: 72056, date: 2015-01-13T00:00:00
db: JVNDB, id: JVNDB-2015-001039, date: 2015-01-19T00:00:00
db: CNNVD, id: CNNVD-201501-303, date: 2015-01-15T00:00:00
db: NVD, id: CVE-2015-0577, date: 2015-01-14T19:59:01.600