ID

VAR-201507-0498


CVE

CVE-2015-4268


TITLE

Cross-site scripting vulnerability in the Infra Admin UI of Cisco Identity Services Engine

Trust: 0.8

sources: JVNDB: JVNDB-2015-003642

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin UI in Cisco Identity Services Engine (ISE) 1.2(1.198) and 1.3(0.876) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCus16052. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCus16052. The ISE platform monitors the network by collecting real-time information on the network, users and devices, and by formulating and implementing corresponding policies.

Trust: 1.98

sources: NVD: CVE-2015-4268 // JVNDB: JVNDB-2015-003642 // BID: 75728 // VULHUB: VHN-82229

AFFECTED PRODUCTS

vendor: cisco, model: identity services engine software, scope: eq, version: 1.2\(1.198\)

Trust: 1.6

vendor: cisco, model: identity services engine software, scope: eq, version: 1.3\(0.876\)

Trust: 1.6

vendor: cisco, model: identity services engine software, scope: eq, version: 1.3(0.876)

Trust: 1.1

vendor: cisco, model: identity services engine software, scope: eq, version: 1.2(1.198)

Trust: 1.1

vendor: cisco, model: identity services engine, scope: -, version: -

Trust: 0.8

sources: BID: 75728 // JVNDB: JVNDB-2015-003642 // CNNVD: CNNVD-201507-364 // NVD: CVE-2015-4268

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4268
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4268
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201507-364
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82229
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4268
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82229
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82229 // JVNDB: JVNDB-2015-003642 // CNNVD: CNNVD-201507-364 // NVD: CVE-2015-4268

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-82229 // JVNDB: JVNDB-2015-003642 // NVD: CVE-2015-4268

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-364

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201507-364

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003642

PATCH

title: 39873, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=39873

Trust: 0.8

sources: JVNDB: JVNDB-2015-003642

EXTERNAL IDS

db: NVD, id: CVE-2015-4268

Trust: 2.8

db: SECTRACK, id: 1032889

Trust: 1.1

db: JVNDB, id: JVNDB-2015-003642

Trust: 0.8

db: CNNVD, id: CNNVD-201507-364

Trust: 0.7

db: BID, id: 75728

Trust: 0.4

db: VULHUB, id: VHN-82229

Trust: 0.1

sources: VULHUB: VHN-82229 // BID: 75728 // JVNDB: JVNDB-2015-003642 // CNNVD: CNNVD-201507-364 // NVD: CVE-2015-4268

REFERENCES

url:http://tools.cisco.com/security/center/viewalert.x?alertid=39873

Trust: 2.0

url:http://www.securitytracker.com/id/1032889

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4268

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4268

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://www.cisco.com/en/us/products/ps11640/

Trust: 0.3

sources: VULHUB: VHN-82229 // BID: 75728 // JVNDB: JVNDB-2015-003642 // CNNVD: CNNVD-201507-364 // NVD: CVE-2015-4268

CREDITS

Cisco

Trust: 0.3

sources: BID: 75728

SOURCES

db: VULHUB, id: VHN-82229
db: BID, id: 75728
db: JVNDB, id: JVNDB-2015-003642
db: CNNVD, id: CNNVD-201507-364
db: NVD, id: CVE-2015-4268

LAST UPDATE DATE

2024-11-23T22:34:57.387000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-82229, date: 2016-12-28T00:00:00
db: BID, id: 75728, date: 2015-07-13T00:00:00
db: JVNDB, id: JVNDB-2015-003642, date: 2015-07-17T00:00:00
db: CNNVD, id: CNNVD-201507-364, date: 2015-07-15T00:00:00
db: NVD, id: CVE-2015-4268, date: 2024-11-21T02:30:44.230

SOURCES RELEASE DATE

db: VULHUB, id: VHN-82229, date: 2015-07-14T00:00:00
db: BID, id: 75728, date: 2015-07-13T00:00:00
db: JVNDB, id: JVNDB-2015-003642, date: 2015-07-17T00:00:00
db: CNNVD, id: CNNVD-201507-364, date: 2015-07-15T00:00:00
db: NVD, id: CVE-2015-4268, date: 2015-07-14T17:59:04.290