Details of VAR-201507-0242

ID

VAR-201507-0242

CVE

CVE-2015-0732

TITLE

plural Cisco Security Runs on the appliance AsyncOS Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2015-003943

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167. Vendors have confirmed this vulnerability Bug ID CSCuu37430 , CSCuu37420 , CSCut71981 and CSCuv50167 It is released as.By any third party through unspecified parameters Web Script or HTML May be inserted. ESA is a set of email security devices. Content SMA is a set of content security management devices. A cross-site scripting vulnerability exists in multiple Cisco product web management interfaces. The program failed to fully validate the parameters. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167. The vulnerability is caused by the program's insufficient validation of parameters

Trust: 2.52

sources: NVD: CVE-2015-0732 // JVNDB: JVNDB-2015-003943 // CNVD: CNVD-2015-05073 // BID: 76053 // VULHUB: VHN-78678

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-05073

AFFECTED PRODUCTS

vendor:	cisco	model:	email security appliance	scope:	eq	version:	9.1.0-032	Trust: 3.1
vendor:	cisco	model:	email security appliance	scope:	eq	version:	9.1.1-000	Trust: 3.1
vendor:	cisco	model:	email security appliance	scope:	eq	version:	9.6.0-000	Trust: 3.1
vendor:	cisco	model:	email security appliance	scope:	eq	version:	8.5.6-113	Trust: 2.8
vendor:	cisco	model:	web security appliance	scope:	eq	version:	9.0.0-193	Trust: 2.5
vendor:	cisco	model:	content security management virtual appliance	scope:	eq	version:	9.1.0-033	Trust: 1.6
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	9.1.0-033	Trust: 0.9
vendor:	cisco	model:	asyncos	scope:	eq	version:	8.5.6-113 (cisco e email security the appliance )	Trust: 0.8
vendor:	cisco	model:	asyncos	scope:	eq	version:	9.0.0-193 (cisco web security the appliance )	Trust: 0.8
vendor:	cisco	model:	asyncos	scope:	eq	version:	9.1.0-032 (cisco e email security the appliance )	Trust: 0.8
vendor:	cisco	model:	asyncos	scope:	eq	version:	9.1.0-033 (cisco content security management appliance )	Trust: 0.8
vendor:	cisco	model:	asyncos	scope:	eq	version:	9.1.1-000 (cisco e email security the appliance )	Trust: 0.8
vendor:	cisco	model:	asyncos	scope:	eq	version:	9.6.0-000 (cisco e email security the appliance )	Trust: 0.8
vendor:	cisco	model:	e email security the appliance	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	web security the appliance	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	content security management appliance	scope:	-	version:	-	Trust: 0.8

sources: CNVD: CNVD-2015-05073 // BID: 76053 // JVNDB: JVNDB-2015-003943 // CNNVD: CNNVD-201507-775 // NVD: CVE-2015-0732

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0732
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0732
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-05073
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201507-775
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78678
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0732
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-05073
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-78678
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-05073 // VULHUB: VHN-78678 // JVNDB: JVNDB-2015-003943 // CNNVD: CNNVD-201507-775 // NVD: CVE-2015-0732

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-78678 // JVNDB: JVNDB-2015-003943 // NVD: CVE-2015-0732

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-775

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201507-775

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003943

PATCH

title:	40172	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=40172	Trust: 0.8
title:	Patch for Multiple Cisco Product Cross-Site Scripting Vulnerabilities (CNVD-2015-05073)	url:	https://www.cnvd.org.cn/patchInfo/show/61823	Trust: 0.6

sources: CNVD: CNVD-2015-05073 // JVNDB: JVNDB-2015-003943

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0732	Trust: 3.4
db:	BID	id:	76053	Trust: 1.6
db:	SECTRACK	id:	1033087	Trust: 1.1
db:	SECTRACK	id:	1033086	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-003943	Trust: 0.8
db:	CNNVD	id:	CNNVD-201507-775	Trust: 0.7
db:	CNVD	id:	CNVD-2015-05073	Trust: 0.6
db:	VULHUB	id:	VHN-78678	Trust: 0.1

sources: CNVD: CNVD-2015-05073 // VULHUB: VHN-78678 // BID: 76053 // JVNDB: JVNDB-2015-003943 // CNNVD: CNNVD-201507-775 // NVD: CVE-2015-0732

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=40172	Trust: 2.6
url:	http://www.securitytracker.com/id/1033086	Trust: 1.1
url:	http://www.securitytracker.com/id/1033087	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0732	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0732	Trust: 0.8
url:	http://www.securityfocus.com/bid/76053	Trust: 0.6
url:	http://www.cisco.com/c/en/us/products/security/content-security-management-appliance/index.html	Trust: 0.3
url:	http://www.cisco.com/c/en/us/products/security/email-security-appliance/index.html	Trust: 0.3
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-05073 // VULHUB: VHN-78678 // BID: 76053 // JVNDB: JVNDB-2015-003943 // CNNVD: CNNVD-201507-775 // NVD: CVE-2015-0732

CREDITS

Cisco

Trust: 0.9

sources: BID: 76053 // CNNVD: CNNVD-201507-775

SOURCES

db:	CNVD	id:	CNVD-2015-05073
db:	VULHUB	id:	VHN-78678
db:	BID	id:	76053
db:	JVNDB	id:	JVNDB-2015-003943
db:	CNNVD	id:	CNNVD-201507-775
db:	NVD	id:	CVE-2015-0732

LAST UPDATE DATE

2024-11-23T23:02:40.721000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-05073	date:	2015-08-03T00:00:00
db:	VULHUB	id:	VHN-78678	date:	2018-10-30T00:00:00
db:	BID	id:	76053	date:	2015-07-27T00:00:00
db:	JVNDB	id:	JVNDB-2015-003943	date:	2015-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201507-775	date:	2015-07-29T00:00:00
db:	NVD	id:	CVE-2015-0732	date:	2024-11-21T02:23:37.150

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-05073	date:	2015-08-03T00:00:00
db:	VULHUB	id:	VHN-78678	date:	2015-07-29T00:00:00
db:	BID	id:	76053	date:	2015-07-27T00:00:00
db:	JVNDB	id:	JVNDB-2015-003943	date:	2015-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201507-775	date:	2015-07-29T00:00:00
db:	NVD	id:	CVE-2015-0732	date:	2015-07-29T01:59:00.093