Sign-up

ID

VAR-201507-0500


CVE

CVE-2015-4270


TITLE

Cisco FireSIGHT system Software cross-site scripting vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2015-003643 // CNNVD: CNNVD-201507-365

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.5 and 6.0.0 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuv22557, CSCuv22583, CSCuv22632, CSCuv22641, CSCuv22650, CSCuv22662, CSCuv22697, and CSCuv22702. Cisco FireSIGHT system The software contains a cross-site scripting vulnerability. Vendors have confirmed this vulnerability CSCuv22557 , CSCuv22583 , CSCuv22632 , CSCuv22641 , CSCuv22650 , CSCuv22662 , CSCuv22697 ,and CSCuv22702 It is released as.Skillfully crafted by a third party URL Through any Web Script or HTML May be inserted. Cisco FireSIGHT System Software is a set of management center software of Cisco (Cisco), which supports centralized management of the network security and operation functions of Cisco ASA and Cisco FirePOWER network security devices using FirePOWER Services

Trust: 1.71

sources: NVD: CVE-2015-4270 // JVNDB: JVNDB-2015-003643 // VULHUB: VHN-82231

AFFECTED PRODUCTS

vendor:ciscomodel:firesight system softwarescope:eqversion:5.3.1.5

Trust: 2.4

vendor:ciscomodel:firesight system softwarescope:eqversion:6.0.0

Trust: 2.4

sources: JVNDB: JVNDB-2015-003643 // CNNVD: CNNVD-201507-365 // NVD: CVE-2015-4270

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4270
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4270
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201507-365
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82231
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4270
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82231
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82231 // JVNDB: JVNDB-2015-003643 // CNNVD: CNNVD-201507-365 // NVD: CVE-2015-4270

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-82231 // JVNDB: JVNDB-2015-003643 // NVD: CVE-2015-4270

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-365

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201507-365

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003643

PATCH
title:39879url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39879
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003643

EXTERNAL IDS
db:NVDid:CVE-2015-4270
Trust: 2.5
db:SECTRACKid:1032887
Trust: 1.1
db:JVNDBid:JVNDB-2015-003643
Trust: 0.8
db:CNNVDid:CNNVD-201507-365
Trust: 0.7
db:VULHUBid:VHN-82231
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82231 // 
            
            
            
            JVNDB: JVNDB-2015-003643 // 
            
            
            
            CNNVD: CNNVD-201507-365 // 
            
            
            
            NVD: CVE-2015-4270

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39879
Trust: 1.7
url:http://www.securitytracker.com/id/1032887
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4270
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4270
Trust: 0.8
sources:
            
            
            VULHUB: VHN-82231 // 
            
            
            
            JVNDB: JVNDB-2015-003643 // 
            
            
            
            CNNVD: CNNVD-201507-365 // 
            
            
            
            NVD: CVE-2015-4270

SOURCES
db:VULHUBid:VHN-82231
db:JVNDBid:JVNDB-2015-003643
db:CNNVDid:CNNVD-201507-365
db:NVDid:CVE-2015-4270

LAST UPDATE DATE
2024-11-23T22:38:47.852000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82231date:2016-12-28T00:00:00
db:JVNDBid:JVNDB-2015-003643date:2015-07-17T00:00:00
db:CNNVDid:CNNVD-201507-365date:2015-07-15T00:00:00
db:NVDid:CVE-2015-4270date:2024-11-21T02:30:44.453

SOURCES RELEASE DATE
db:VULHUBid:VHN-82231date:2015-07-14T00:00:00
db:JVNDBid:JVNDB-2015-003643date:2015-07-17T00:00:00
db:CNNVDid:CNNVD-201507-365date:2015-07-15T00:00:00
db:NVDid:CVE-2015-4270date:2015-07-14T17:59:05.337