Sign-up

ID

VAR-201504-0276


CVE

CVE-2015-0696


TITLE

Cisco TelePresence Collaboration Desk and Room Endpoints Runs on the device Cisco TC Software login page cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002289

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the login page in Cisco TC Software before 7.1.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq94977. Vendors have confirmed this vulnerability Bug ID CSCuq94977 It is released as.By any third party Web Script or HTML May be inserted. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue being tracked by Cisco Bug ID CSCuq94977. Cisco TelePresence is a set of video conferencing solutions called "TelePresence" system of Cisco (Cisco)

Trust: 1.98

sources: NVD: CVE-2015-0696 // JVNDB: JVNDB-2015-002289 // BID: 74155 // VULHUB: VHN-78642

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.0.2

Trust: 1.9

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.1.2

Trust: 1.9

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.1.1

Trust: 1.9

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.1.2-cucm

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.1.0-cucm

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.1.0

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.3_base

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.1_base

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.1.1-cucm

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.0.1-cucm

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.0.1

Trust: 1.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.0.0

Trust: 1.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.0.0-cucm

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.0_base

Trust: 1.0

vendor:ciscomodel:telepresencescope:eqversion:collaboration desk

Trust: 0.8

vendor:ciscomodel:telepresencescope:eqversion:collaboration room endpoints

Trust: 0.8

vendor:ciscomodel:telepresence tc softwarescope:ltversion:7.1.0

Trust: 0.8

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.3

Trust: 0.3

vendor:ciscomodel:telepresence tc software 6.1.2-cucmscope: - version: -

Trust: 0.3

vendor:ciscomodel:telepresence tc software 6.1.1-cucmscope: - version: -

Trust: 0.3

vendor:ciscomodel:telepresence tc software 6.1.0-cucmscope: - version: -

Trust: 0.3

vendor:ciscomodel:telepresence tc software 6.0.1-cucmscope: - version: -

Trust: 0.3

vendor:ciscomodel:telepresence tc software 6.0.0-cucmscope: - version: -

Trust: 0.3

vendor:ciscomodel:collaboration room endpointsscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:collaboration desk endpointsscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence tc softwarescope:neversion:7.2

Trust: 0.3

vendor:ciscomodel:telepresence tc softwarescope:neversion:7.1

Trust: 0.3

sources: BID: 74155 // JVNDB: JVNDB-2015-002289 // CNNVD: CNNVD-201504-274 // NVD: CVE-2015-0696

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0696
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0696
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201504-274
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78642
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0696
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78642
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78642 // JVNDB: JVNDB-2015-002289 // CNNVD: CNNVD-201504-274 // NVD: CVE-2015-0696

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-78642 // JVNDB: JVNDB-2015-002289 // NVD: CVE-2015-0696

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-274

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201504-274

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002289

PATCH
title:38349url:http://tools.cisco.com/security/center/viewAlert.x?alertId=38349
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-002289

EXTERNAL IDS
db:NVDid:CVE-2015-0696
Trust: 2.8
db:SECTRACKid:1032137
Trust: 1.1
db:JVNDBid:JVNDB-2015-002289
Trust: 0.8
db:CNNVDid:CNNVD-201504-274
Trust: 0.7
db:BIDid:74155
Trust: 0.4
db:VULHUBid:VHN-78642
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78642 // 
            
            
            
            BID: 74155 // 
            
            
            
            JVNDB: JVNDB-2015-002289 // 
            
            
            
            CNNVD: CNNVD-201504-274 // 
            
            
            
            NVD: CVE-2015-0696

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=38349
Trust: 2.0
url:http://www.securitytracker.com/id/1032137
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0696
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0696
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/c/en/us/products/collaboration-endpoints/smart-desk-endpoints/index.html
Trust: 0.3
url:http://www.cisco.com/c/en/us/products/collaboration-endpoints/collaboration-room-endpoints/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78642 // 
            
            
            
            BID: 74155 // 
            
            
            
            JVNDB: JVNDB-2015-002289 // 
            
            
            
            CNNVD: CNNVD-201504-274 // 
            
            
            
            NVD: CVE-2015-0696

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 74155

SOURCES
db:VULHUBid:VHN-78642
db:BIDid:74155
db:JVNDBid:JVNDB-2015-002289
db:CNNVDid:CNNVD-201504-274
db:NVDid:CVE-2015-0696

LAST UPDATE DATE
2024-11-23T22:45:57.947000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78642date:2017-01-06T00:00:00
db:BIDid:74155date:2015-04-15T00:00:00
db:JVNDBid:JVNDB-2015-002289date:2015-04-16T00:00:00
db:CNNVDid:CNNVD-201504-274date:2015-04-16T00:00:00
db:NVDid:CVE-2015-0696date:2024-11-21T02:23:33.337

SOURCES RELEASE DATE
db:VULHUBid:VHN-78642date:2015-04-15T00:00:00
db:BIDid:74155date:2015-04-15T00:00:00
db:JVNDBid:JVNDB-2015-002289date:2015-04-16T00:00:00
db:CNNVDid:CNNVD-201504-274date:2015-04-16T00:00:00
db:NVDid:CVE-2015-0696date:2015-04-15T10:59:02.423