Details of VAR-201510-0030

ID

VAR-201510-0030

CVE

CVE-2015-6353

TITLE

Cisco FireSight Management Center Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2015-005717

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuu28922. Cisco FireSight Management Center (MC) Contains a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug IDs CSCuu28922, CSCuv62998, and CSCuv63012

Trust: 1.98

sources: NVD: CVE-2015-6353 // JVNDB: JVNDB-2015-005717 // BID: 77367 // VULHUB: VHN-84314

AFFECTED PRODUCTS

vendor:	cisco	model:	firesight system software	scope:	eq	version:	5.3.1.5	Trust: 2.4
vendor:	cisco	model:	firesight system software	scope:	eq	version:	5.4.0.4	Trust: 1.6
vendor:	cisco	model:	firesight system software	scope:	eq	version:	5.4.0.1	Trust: 1.6
vendor:	cisco	model:	firesight system software	scope:	eq	version:	5.4.1	Trust: 1.6
vendor:	cisco	model:	firesight system software	scope:	eq	version:	5.4.1.2	Trust: 1.6
vendor:	cisco	model:	firesight system software	scope:	eq	version:	5.4.1.3	Trust: 1.6
vendor:	cisco	model:	firesight system software	scope:	eq	version:	5.4.0	Trust: 1.6
vendor:	cisco	model:	firesight system software	scope:	eq	version:	5.4.1.3 for up to 5.4.x	Trust: 0.8
vendor:	cisco	model:	firesight management center	scope:	eq	version:	5.4.0	Trust: 0.3
vendor:	cisco	model:	firesight management center	scope:	eq	version:	5.3.1.5	Trust: 0.3

sources: BID: 77367 // JVNDB: JVNDB-2015-005717 // CNNVD: CNNVD-201510-801 // NVD: CVE-2015-6353

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6353
value:	LOW
Trust: 1.0
NVD:	CVE-2015-6353
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201510-801
value:	LOW
Trust: 0.6
VULHUB:	VHN-84314
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2015-6353
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-84314
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-84314 // JVNDB: JVNDB-2015-005717 // CNNVD: CNNVD-201510-801 // NVD: CVE-2015-6353

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-84314 // JVNDB: JVNDB-2015-005717 // NVD: CVE-2015-6353

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-801

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201510-801

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005717

PATCH

title:

cisco-sa-20151029-fsmc1

url:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151029-fsmc1

Trust: 0.8

sources: JVNDB: JVNDB-2015-005717

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6353	Trust: 2.8
db:	SECTRACK	id:	1034040	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-005717	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-801	Trust: 0.7
db:	BID	id:	77367	Trust: 0.4
db:	VULHUB	id:	VHN-84314	Trust: 0.1

sources: VULHUB: VHN-84314 // BID: 77367 // JVNDB: JVNDB-2015-005717 // CNNVD: CNNVD-201510-801 // NVD: CVE-2015-6353

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151029-fsmc1	Trust: 2.0
url:	http://www.securitytracker.com/id/1034040	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6353	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6353	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-84314 // BID: 77367 // JVNDB: JVNDB-2015-005717 // CNNVD: CNNVD-201510-801 // NVD: CVE-2015-6353

CREDITS

Cisco

Trust: 0.3

sources: BID: 77367

SOURCES

db:	VULHUB	id:	VHN-84314
db:	BID	id:	77367
db:	JVNDB	id:	JVNDB-2015-005717
db:	CNNVD	id:	CNNVD-201510-801
db:	NVD	id:	CVE-2015-6353

LAST UPDATE DATE

2024-11-23T22:56:24.166000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84314	date:	2016-12-07T00:00:00
db:	BID	id:	77367	date:	2015-10-29T00:00:00
db:	JVNDB	id:	JVNDB-2015-005717	date:	2015-11-04T00:00:00
db:	CNNVD	id:	CNNVD-201510-801	date:	2015-11-02T00:00:00
db:	NVD	id:	CVE-2015-6353	date:	2024-11-21T02:34:50.377

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84314	date:	2015-10-31T00:00:00
db:	BID	id:	77367	date:	2015-10-29T00:00:00
db:	JVNDB	id:	JVNDB-2015-005717	date:	2015-11-04T00:00:00
db:	CNNVD	id:	CNNVD-201510-801	date:	2015-10-31T00:00:00
db:	NVD	id:	CVE-2015-6353	date:	2015-10-31T04:59:05.757