Details of VAR-201506-0170

ID

VAR-201506-0170

CVE

CVE-2015-0737

TITLE

Cisco FireSIGHT system Software cross-site scripting vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2015-003068 // CNNVD: CNNVD-201506-215

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) GET or (2) POST parameter, aka Bug ID CSCuu11099. Cisco FireSIGHT system The software contains a cross-site scripting vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuu11099. Cisco FireSIGHT System Software is a set of management center software of Cisco (Cisco), which supports centralized management of the network security and operation functions of Cisco ASA and Cisco FirePOWER network security devices using FirePOWER Services

Trust: 2.07

sources: NVD: CVE-2015-0737 // JVNDB: JVNDB-2015-003068 // BID: 75064 // VULHUB: VHN-78683 // VULMON: CVE-2015-0737

AFFECTED PRODUCTS

vendor:

cisco

model:

firesight system software

scope:

version:

5.3.1.1

Trust: 2.7

sources: BID: 75064 // JVNDB: JVNDB-2015-003068 // CNNVD: CNNVD-201506-215 // NVD: CVE-2015-0737

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0737
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0737
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201506-215
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78683
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-0737
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0737
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-78683
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78683 // VULMON: CVE-2015-0737 // JVNDB: JVNDB-2015-003068 // CNNVD: CNNVD-201506-215 // NVD: CVE-2015-0737

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-78683 // JVNDB: JVNDB-2015-003068 // NVD: CVE-2015-0737

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-215

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201506-215

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003068

PATCH

title:	38883	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=38883	Trust: 0.8
title:	Cisco: Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20150608-CVE-2015-0737	Trust: 0.1

sources: VULMON: CVE-2015-0737 // JVNDB: JVNDB-2015-003068

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0737	Trust: 2.9
db:	SECTRACK	id:	1032518	Trust: 1.2
db:	BID	id:	75064	Trust: 1.0
db:	JVNDB	id:	JVNDB-2015-003068	Trust: 0.8
db:	CNNVD	id:	CNNVD-201506-215	Trust: 0.7
db:	VULHUB	id:	VHN-78683	Trust: 0.1
db:	VULMON	id:	CVE-2015-0737	Trust: 0.1

sources: VULHUB: VHN-78683 // VULMON: CVE-2015-0737 // BID: 75064 // JVNDB: JVNDB-2015-003068 // CNNVD: CNNVD-201506-215 // NVD: CVE-2015-0737

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=38883	Trust: 2.1
url:	http://www.securitytracker.com/id/1032518	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0737	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0737	Trust: 0.8
url:	http://www.securityfocus.com/bid/75064	Trust: 0.6
url:	http://www.cisco.com/c/en/us/products/security/firesight-management-center/index.html	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150608-cve-2015-0737	Trust: 0.1

sources: VULHUB: VHN-78683 // VULMON: CVE-2015-0737 // BID: 75064 // JVNDB: JVNDB-2015-003068 // CNNVD: CNNVD-201506-215 // NVD: CVE-2015-0737

CREDITS

Cisco

Trust: 0.9

sources: BID: 75064 // CNNVD: CNNVD-201506-215

SOURCES

db:	VULHUB	id:	VHN-78683
db:	VULMON	id:	CVE-2015-0737
db:	BID	id:	75064
db:	JVNDB	id:	JVNDB-2015-003068
db:	CNNVD	id:	CNNVD-201506-215
db:	NVD	id:	CVE-2015-0737

LAST UPDATE DATE

2024-11-23T22:45:57.333000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78683	date:	2017-01-04T00:00:00
db:	VULMON	id:	CVE-2015-0737	date:	2017-01-04T00:00:00
db:	BID	id:	75064	date:	2015-06-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-003068	date:	2015-06-15T00:00:00
db:	CNNVD	id:	CNNVD-201506-215	date:	2015-06-15T00:00:00
db:	NVD	id:	CVE-2015-0737	date:	2024-11-21T02:23:37.683

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78683	date:	2015-06-12T00:00:00
db:	VULMON	id:	CVE-2015-0737	date:	2015-06-12T00:00:00
db:	BID	id:	75064	date:	2015-06-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-003068	date:	2015-06-15T00:00:00
db:	CNNVD	id:	CNNVD-201506-215	date:	2015-06-11T00:00:00
db:	NVD	id:	CVE-2015-0737	date:	2015-06-12T10:59:00.243