ID

VAR-201506-0158


CVE

CVE-2015-0766


TITLE

Cross-site scripting vulnerability in the administrative web interface of the Management Center component of Cisco FireSIGHT System Software

Trust: 0.8

sources: JVNDB: JVNDB-2015-002945

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug IDs CSCus93566, CSCut31557, and CSCut47196. The vendor has confirmed this vulnerability and released it as Bug IDs CSCus93566, CSCut31557, and CSCut47196. A third party may be able to insert arbitrary web script or HTML through unspecified fields. The Cisco FireSIGHT Management Center centrally manages the network security and operational capabilities of Cisco ASA and Cisco FirePOWER Network Security appliances with FirePOWER Services. An attacker can exploit these vulnerabilities to execute arbitrary HTML or script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or perform unauthorized actions. Other attacks are also possible. Cisco FireSIGHT System Software 6.0.0 is vulnerable. This issue is being tracked by Cisco Bug IDs CSCus93566, CSCut31557 and CSCut47196.

Trust: 2.61

sources: NVD: CVE-2015-0766 // JVNDB: JVNDB-2015-002945 // CNVD: CNVD-2015-03672 // BID: 75003 // VULHUB: VHN-78712 // VULMON: CVE-2015-0766

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-03672

AFFECTED PRODUCTS

vendor: cisco
model: firesight system software
scope: eq
version: 6.0.0

Trust: 3.3

sources: CNVD: CNVD-2015-03672 // BID: 75003 // JVNDB: JVNDB-2015-002945 // CNNVD: CNNVD-201506-055 // NVD: CVE-2015-0766

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0766
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0766
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-03672
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201506-055
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78712
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-0766
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0766
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2015-03672
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-78712
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-03672 // VULHUB: VHN-78712 // VULMON: CVE-2015-0766 // JVNDB: JVNDB-2015-002945 // CNNVD: CNNVD-201506-055 // NVD: CVE-2015-0766

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-78712 // JVNDB: JVNDB-2015-002945 // NVD: CVE-2015-0766

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-055

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201506-055

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002945

PATCH

title: 39171
url: http://tools.cisco.com/security/center/viewAlert.x?alertId=39171

Trust: 0.8

title: Patch for Cisco FireSIGHT System Software Cross-Site Scripting Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/59420

Trust: 0.6

title: Cisco: Cisco FireSIGHT Management Center XSS and HTML Injection Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20150603-CVE-2015-0766

Trust: 0.1

sources: CNVD: CNVD-2015-03672 // VULMON: CVE-2015-0766 // JVNDB: JVNDB-2015-002945

EXTERNAL IDS

db: NVD, id: CVE-2015-0766

Trust: 3.5

db: SECTRACK, id: 1032482

Trust: 1.2

db: BID, id: 75003

Trust: 1.1

db: JVNDB, id: JVNDB-2015-002945

Trust: 0.8

db: CNNVD, id: CNNVD-201506-055

Trust: 0.7

db: CNVD, id: CNVD-2015-03672

Trust: 0.6

db: VULHUB, id: VHN-78712

Trust: 0.1

db: VULMON, id: CVE-2015-0766

Trust: 0.1

sources: CNVD: CNVD-2015-03672 // VULHUB: VHN-78712 // VULMON: CVE-2015-0766 // BID: 75003 // JVNDB: JVNDB-2015-002945 // CNNVD: CNNVD-201506-055 // NVD: CVE-2015-0766

REFERENCES

url: http://tools.cisco.com/security/center/viewalert.x?alertid=39171

Trust: 2.7

url: http://www.securitytracker.com/id/1032482

Trust: 1.2

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0766

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0766

Trust: 0.8

url: http://www.cisco.com/c/en/us/products/security/firesight-management-center/index.html

Trust: 0.3

url: https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://www.securityfocus.com/bid/75003

Trust: 0.1

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150603-cve-2015-0766

Trust: 0.1

sources: CNVD: CNVD-2015-03672 // VULHUB: VHN-78712 // VULMON: CVE-2015-0766 // BID: 75003 // JVNDB: JVNDB-2015-002945 // CNNVD: CNNVD-201506-055 // NVD: CVE-2015-0766

CREDITS

Cisco

Trust: 0.3

sources: BID: 75003

SOURCES

db: CNVD, id: CNVD-2015-03672
db: VULHUB, id: VHN-78712
db: VULMON, id: CVE-2015-0766
db: BID, id: 75003
db: JVNDB, id: JVNDB-2015-002945
db: CNNVD, id: CNNVD-201506-055
db: NVD, id: CVE-2015-0766

LAST UPDATE DATE

2024-11-23T23:02:40.970000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-03672, date: 2015-06-10T00:00:00
db: VULHUB, id: VHN-78712, date: 2017-01-04T00:00:00
db: VULMON, id: CVE-2015-0766, date: 2017-01-04T00:00:00
db: BID, id: 75003, date: 2015-06-03T00:00:00
db: JVNDB, id: JVNDB-2015-002945, date: 2015-06-05T00:00:00
db: CNNVD, id: CNNVD-201506-055, date: 2015-06-05T00:00:00
db: NVD, id: CVE-2015-0766, date: 2024-11-21T02:23:40.737

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2015-03672, date: 2015-06-10T00:00:00
db: VULHUB, id: VHN-78712, date: 2015-06-04T00:00:00
db: VULMON, id: CVE-2015-0766, date: 2015-06-04T00:00:00
db: BID, id: 75003, date: 2015-06-03T00:00:00
db: JVNDB, id: JVNDB-2015-002945, date: 2015-06-05T00:00:00
db: CNNVD, id: CNNVD-201506-055, date: 2015-06-05T00:00:00
db: NVD, id: CVE-2015-0766, date: 2015-06-04T10:59:06.863