ID

VAR-201510-0023


CVE

CVE-2015-6346


TITLE

Cross-site scripting vulnerability in Cisco Secure Access Control Server

Trust: 0.8

sources: JVNDB: JVNDB-2015-005683

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuw24710.

Trust: 1.98

sources: NVD: CVE-2015-6346 // JVNDB: JVNDB-2015-005683 // BID: 77396 // VULHUB: VHN-84307

AFFECTED PRODUCTS

vendor: cisco // model: secure access control server // scope: eq // version: 5.7.0.15

Trust: 1.6

vendor: cisco // model: secure access control server software // scope: eq // version: 5.7(0.15)

Trust: 0.8

vendor: cisco // model: secure access control server // scope: eq // version: 5.7(0.15)

Trust: 0.3

sources: BID: 77396 // JVNDB: JVNDB-2015-005683 // CNNVD: CNNVD-201510-780 // NVD: CVE-2015-6346

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6346
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6346
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201510-780
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84307
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6346
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84307
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84307 // JVNDB: JVNDB-2015-005683 // CNNVD: CNNVD-201510-780 // NVD: CVE-2015-6346

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-84307 // JVNDB: JVNDB-2015-005683 // NVD: CVE-2015-6346

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-780

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201510-780

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005683

PATCH

title: cisco-sa-20151023-acs_xss // url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss

Trust: 0.8

sources: JVNDB: JVNDB-2015-005683

EXTERNAL IDS

db: NVD // id: CVE-2015-6346

Trust: 2.8

db: SECTRACK // id: 1033969

Trust: 1.1

db: JVNDB // id: JVNDB-2015-005683

Trust: 0.8

db: CNNVD // id: CNNVD-201510-780

Trust: 0.7

db: BID // id: 77396

Trust: 0.4

db: VULHUB // id: VHN-84307

Trust: 0.1

sources: VULHUB: VHN-84307 // BID: 77396 // JVNDB: JVNDB-2015-005683 // CNNVD: CNNVD-201510-780 // NVD: CVE-2015-6346

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151023-acs_xss

Trust: 2.0

url:http://www.securitytracker.com/id/1033969

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6346

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6346

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-84307 // BID: 77396 // JVNDB: JVNDB-2015-005683 // CNNVD: CNNVD-201510-780 // NVD: CVE-2015-6346

CREDITS

Cisco

Trust: 0.3

sources: BID: 77396

SOURCES

db: VULHUB // id: VHN-84307
db: BID // id: 77396
db: JVNDB // id: JVNDB-2015-005683
db: CNNVD // id: CNNVD-201510-780
db: NVD // id: CVE-2015-6346

LAST UPDATE DATE

2024-11-23T22:22:52.754000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-84307 // date: 2016-12-07T00:00:00
db: BID // id: 77396 // date: 2015-10-26T00:00:00
db: JVNDB // id: JVNDB-2015-005683 // date: 2015-11-02T00:00:00
db: CNNVD // id: CNNVD-201510-780 // date: 2015-11-02T00:00:00
db: NVD // id: CVE-2015-6346 // date: 2024-11-21T02:34:49.620

SOURCES RELEASE DATE

db: VULHUB // id: VHN-84307 // date: 2015-10-30T00:00:00
db: BID // id: 77396 // date: 2015-10-26T00:00:00
db: JVNDB // id: JVNDB-2015-005683 // date: 2015-11-02T00:00:00
db: CNNVD // id: CNNVD-201510-780 // date: 2015-10-30T00:00:00
db: NVD // id: CVE-2015-6346 // date: 2015-10-30T10:59:03.603