Details of VAR-201505-0194

ID

VAR-201505-0194

CVE

CVE-2015-0752

TITLE

Cisco TelePresence Video Communication Server Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2015-002876

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue being tracked by Cisco Bug ID CSCut27635

Trust: 1.98

sources: NVD: CVE-2015-0752 // JVNDB: JVNDB-2015-002876 // BID: 74848 // VULHUB: VHN-78698

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x8.5.1	Trust: 1.9
vendor:	cisco	model:	telepresence video communication server	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.5.1	Trust: 0.8

sources: BID: 74848 // JVNDB: JVNDB-2015-002876 // CNNVD: CNNVD-201505-580 // NVD: CVE-2015-0752

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0752
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0752
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201505-580
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78698
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0752
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78698
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78698 // JVNDB: JVNDB-2015-002876 // CNNVD: CNNVD-201505-580 // NVD: CVE-2015-0752

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-78698 // JVNDB: JVNDB-2015-002876 // NVD: CVE-2015-0752

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-580

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201505-580

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002876

PATCH

title:

39012

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=39012

Trust: 0.8

sources: JVNDB: JVNDB-2015-002876

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0752	Trust: 2.8
db:	SECTRACK	id:	1032421	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-002876	Trust: 0.8
db:	CNNVD	id:	CNNVD-201505-580	Trust: 0.7
db:	SECUNIA	id:	64649	Trust: 0.6
db:	BID	id:	74848	Trust: 0.4
db:	VULHUB	id:	VHN-78698	Trust: 0.1

sources: VULHUB: VHN-78698 // BID: 74848 // JVNDB: JVNDB-2015-002876 // CNNVD: CNNVD-201505-580 // NVD: CVE-2015-0752

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39012	Trust: 2.0
url:	http://www.securitytracker.com/id/1032421	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0752	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0752	Trust: 0.8
url:	http://secunia.com/advisories/64649	Trust: 0.6
url:	http://www.cisco.com/c/en/us/products/unified-communications/telepresence-video-communication-server-vcs/index.html	Trust: 0.3

sources: VULHUB: VHN-78698 // BID: 74848 // JVNDB: JVNDB-2015-002876 // CNNVD: CNNVD-201505-580 // NVD: CVE-2015-0752

CREDITS

Cisco

Trust: 0.3

sources: BID: 74848

SOURCES

db:	VULHUB	id:	VHN-78698
db:	BID	id:	74848
db:	JVNDB	id:	JVNDB-2015-002876
db:	CNNVD	id:	CNNVD-201505-580
db:	NVD	id:	CVE-2015-0752

LAST UPDATE DATE

2024-11-23T22:22:55.061000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78698	date:	2017-01-04T00:00:00
db:	BID	id:	74848	date:	2015-05-27T00:00:00
db:	JVNDB	id:	JVNDB-2015-002876	date:	2015-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201505-580	date:	2015-06-01T00:00:00
db:	NVD	id:	CVE-2015-0752	date:	2024-11-21T02:23:39.210

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78698	date:	2015-05-29T00:00:00
db:	BID	id:	74848	date:	2015-05-27T00:00:00
db:	JVNDB	id:	JVNDB-2015-002876	date:	2015-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201505-580	date:	2015-05-29T00:00:00
db:	NVD	id:	CVE-2015-0752	date:	2015-05-29T15:59:06.483