Sign-up

ID

VAR-201505-0175


CVE

CVE-2015-0729


TITLE

Cisco Secure Access Control Server Solution Engine Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2015-002711

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug ID CSCuu11005. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary script code in the context of the the affected site. This may allow the attacker to compromise the application; other attacks are also possible. This issue being tracked by Cisco Bug ID CSCuu11005. This solution provides functions such as centralized management of access types, devices, and user groups for accessing network resources

Trust: 1.98

sources: NVD: CVE-2015-0729 // JVNDB: JVNDB-2015-002711 // BID: 74667 // VULHUB: VHN-78675

AFFECTED PRODUCTS

vendor:ciscomodel:secure access control serverscope:eqversion:5.5\(0.1\)

Trust: 1.6

vendor:ciscomodel:secure access control server softwarescope:eqversion:5.5(0.1)

Trust: 0.8

sources: JVNDB: JVNDB-2015-002711 // CNNVD: CNNVD-201505-257 // NVD: CVE-2015-0729

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0729
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0729
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201505-257
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78675
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0729
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78675
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78675 // JVNDB: JVNDB-2015-002711 // CNNVD: CNNVD-201505-257 // NVD: CVE-2015-0729

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-78675 // JVNDB: JVNDB-2015-002711 // NVD: CVE-2015-0729

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-257

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201505-257

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002711

PATCH
title:38864url:http://tools.cisco.com/security/center/viewAlert.x?alertId=38864
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-002711

EXTERNAL IDS
db:NVDid:CVE-2015-0729
Trust: 2.8
db:SECTRACKid:1032338
Trust: 1.1
db:JVNDBid:JVNDB-2015-002711
Trust: 0.8
db:CNNVDid:CNNVD-201505-257
Trust: 0.7
db:BIDid:74667
Trust: 0.4
db:VULHUBid:VHN-78675
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78675 // 
            
            
            
            BID: 74667 // 
            
            
            
            JVNDB: JVNDB-2015-002711 // 
            
            
            
            CNNVD: CNNVD-201505-257 // 
            
            
            
            NVD: CVE-2015-0729

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=38864
Trust: 1.7
url:http://www.securitytracker.com/id/1032338
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0729
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0729
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78675 // 
            
            
            
            BID: 74667 // 
            
            
            
            JVNDB: JVNDB-2015-002711 // 
            
            
            
            CNNVD: CNNVD-201505-257 // 
            
            
            
            NVD: CVE-2015-0729

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 74667

SOURCES
db:VULHUBid:VHN-78675
db:BIDid:74667
db:JVNDBid:JVNDB-2015-002711
db:CNNVDid:CNNVD-201505-257
db:NVDid:CVE-2015-0729

LAST UPDATE DATE
2024-11-23T23:12:43.125000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78675date:2017-01-06T00:00:00
db:BIDid:74667date:2015-05-14T00:00:00
db:JVNDBid:JVNDB-2015-002711date:2015-05-19T00:00:00
db:CNNVDid:CNNVD-201505-257date:2015-05-18T00:00:00
db:NVDid:CVE-2015-0729date:2024-11-21T02:23:36.840

SOURCES RELEASE DATE
db:VULHUBid:VHN-78675date:2015-05-16T00:00:00
db:BIDid:74667date:2015-05-14T00:00:00
db:JVNDBid:JVNDB-2015-002711date:2015-05-19T00:00:00
db:CNNVDid:CNNVD-201505-257date:2015-05-18T00:00:00
db:NVDid:CVE-2015-0729date:2015-05-16T14:59:03.093