ID

VAR-201504-0270


CVE

CVE-2015-0690


TITLE

Cisco Wireless LAN Controller HTML Help System Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-02272 // CNNVD: CNNVD-201504-087

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCun95178.

Trust: 2.52

sources: NVD: CVE-2015-0690 // JVNDB: JVNDB-2015-002104 // CNVD: CNVD-2015-02272 // BID: 73927 // VULHUB: VHN-78636

IOT TAXONOMY

category: ['Network device'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-02272

AFFECTED PRODUCTS

vendor: cisco // model: wireless lan controller software // scope: eq // version: 7.4.121.0

Trust: 1.6

vendor: cisco // model: wireless lan controller software // scope: eq // version: 7.6.100.0

Trust: 1.6

vendor: cisco // model: wireless lan controller software // scope: lte // version: 8.0.72.140

Trust: 1.0

vendor: cisco // model: wireless lan controller // scope: - // version: -

Trust: 0.8

vendor: cisco // model: wireless lan controller software // scope: lt // version: 8.0

Trust: 0.8

vendor: cisco // model: wireless lan controller // scope: lt // version: 8.0

Trust: 0.6

vendor: cisco // model: wireless lan controller software // scope: eq // version: 8.0.72.140

Trust: 0.6

vendor: cisco // model: wireless lan controller // scope: eq // version: 8.0.72.140

Trust: 0.3

vendor: cisco // model: wireless lan controller // scope: eq // version: 7.6.100.0

Trust: 0.3

vendor: cisco // model: wireless lan controller // scope: eq // version: 7.4.121.0

Trust: 0.3

sources: CNVD: CNVD-2015-02272 // BID: 73927 // JVNDB: JVNDB-2015-002104 // CNNVD: CNNVD-201504-087 // NVD: CVE-2015-0690

CVSS

SEVERITY

nvd@nist.gov: CVE-2015-0690
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0690
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-02272
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201504-087
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78636
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2015-0690
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-02272
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-78636
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-02272 // VULHUB: VHN-78636 // JVNDB: JVNDB-2015-002104 // CNNVD: CNNVD-201504-087 // NVD: CVE-2015-0690

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-78636 // JVNDB: JVNDB-2015-002104 // NVD: CVE-2015-0690

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-087

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201504-087

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002104

PATCH

title: 38222 // url: http://tools.cisco.com/security/center/viewAlert.x?alertId=38222

Trust: 0.8

sources: JVNDB: JVNDB-2015-002104

EXTERNAL IDS

db: NVD // id: CVE-2015-0690

Trust: 3.4

db: SECTRACK // id: 1032024

Trust: 1.1

db: JVNDB // id: JVNDB-2015-002104

Trust: 0.8

db: CNNVD // id: CNNVD-201504-087

Trust: 0.7

db: CNVD // id: CNVD-2015-02272

Trust: 0.6

db: BID // id: 73927

Trust: 0.4

db: VULHUB // id: VHN-78636

Trust: 0.1

sources: CNVD: CNVD-2015-02272 // VULHUB: VHN-78636 // BID: 73927 // JVNDB: JVNDB-2015-002104 // CNNVD: CNNVD-201504-087 // NVD: CVE-2015-0690

REFERENCES

url:http://tools.cisco.com/security/center/viewalert.x?alertid=38222

Trust: 2.6

url:http://www.securitytracker.com/id/1032024

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0690

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0690

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://www.cisco.com/en/us/products/ps6302/products_sub_category_home.html

Trust: 0.3

sources: CNVD: CNVD-2015-02272 // VULHUB: VHN-78636 // BID: 73927 // JVNDB: JVNDB-2015-002104 // CNNVD: CNNVD-201504-087 // NVD: CVE-2015-0690

CREDITS

Cisco

Trust: 0.3

sources: BID: 73927

SOURCES

db: CNVD // id: CNVD-2015-02272
db: VULHUB // id: VHN-78636
db: BID // id: 73927
db: JVNDB // id: JVNDB-2015-002104
db: CNNVD // id: CNNVD-201504-087
db: NVD // id: CVE-2015-0690

LAST UPDATE DATE

2024-11-23T23:05:39.568000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2015-02272 // date: 2015-04-10T00:00:00
db: VULHUB // id: VHN-78636 // date: 2015-09-29T00:00:00
db: BID // id: 73927 // date: 2015-04-06T00:00:00
db: JVNDB // id: JVNDB-2015-002104 // date: 2015-04-08T00:00:00
db: CNNVD // id: CNNVD-201504-087 // date: 2015-04-08T00:00:00
db: NVD // id: CVE-2015-0690 // date: 2024-11-21T02:23:32.647

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2015-02272 // date: 2015-04-10T00:00:00
db: VULHUB // id: VHN-78636 // date: 2015-04-07T00:00:00
db: BID // id: 73927 // date: 2015-04-06T00:00:00
db: JVNDB // id: JVNDB-2015-002104 // date: 2015-04-08T00:00:00
db: CNNVD // id: CNNVD-201504-087 // date: 2015-04-08T00:00:00
db: NVD // id: CVE-2015-0690 // date: 2015-04-07T02:00:21.297