Details of VAR-201510-0031

ID

VAR-201510-0031

CVE

CVE-2015-6354

TITLE

Cisco FireSight Management Center Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2015-005718

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuv73338. Cisco FireSight Management Center (MC) Contains a cross-site scripting vulnerability. Cisco FireSIGHT Management Center is prone to an HTML-injection vulnerability because it fails to properly sanitize certain unspecified user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuv73338

Trust: 1.98

sources: NVD: CVE-2015-6354 // JVNDB: JVNDB-2015-005718 // BID: 77368 // VULHUB: VHN-84315

AFFECTED PRODUCTS

vendor:	cisco	model:	firesight system software	scope:	eq	version:	5.4.1.3	Trust: 2.4
vendor:	cisco	model:	firesight system software	scope:	eq	version:	6.0.0	Trust: 1.6
vendor:	cisco	model:	firesight system software	scope:	eq	version:	6.0	Trust: 0.8
vendor:	cisco	model:	firesight management center	scope:	eq	version:	6.0	Trust: 0.3
vendor:	cisco	model:	firesight management center	scope:	eq	version:	5.4.1.3	Trust: 0.3

sources: BID: 77368 // JVNDB: JVNDB-2015-005718 // CNNVD: CNNVD-201510-802 // NVD: CVE-2015-6354

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6354
value:	LOW
Trust: 1.0
NVD:	CVE-2015-6354
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201510-802
value:	LOW
Trust: 0.6
VULHUB:	VHN-84315
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2015-6354
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-84315
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-84315 // JVNDB: JVNDB-2015-005718 // CNNVD: CNNVD-201510-802 // NVD: CVE-2015-6354

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-84315 // JVNDB: JVNDB-2015-005718 // NVD: CVE-2015-6354

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-802

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201510-802

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005718

PATCH

title:

cisco-sa-20151029-fsmc2

url:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151029-fsmc2

Trust: 0.8

sources: JVNDB: JVNDB-2015-005718

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6354	Trust: 2.8
db:	SECTRACK	id:	1034041	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-005718	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-802	Trust: 0.7
db:	BID	id:	77368	Trust: 0.4
db:	VULHUB	id:	VHN-84315	Trust: 0.1

sources: VULHUB: VHN-84315 // BID: 77368 // JVNDB: JVNDB-2015-005718 // CNNVD: CNNVD-201510-802 // NVD: CVE-2015-6354

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151029-fsmc2	Trust: 2.0
url:	http://www.securitytracker.com/id/1034041	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6354	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6354	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-84315 // BID: 77368 // JVNDB: JVNDB-2015-005718 // CNNVD: CNNVD-201510-802 // NVD: CVE-2015-6354

CREDITS

Cisco

Trust: 0.3

sources: BID: 77368

SOURCES

db:	VULHUB	id:	VHN-84315
db:	BID	id:	77368
db:	JVNDB	id:	JVNDB-2015-005718
db:	CNNVD	id:	CNNVD-201510-802
db:	NVD	id:	CVE-2015-6354

LAST UPDATE DATE

2024-11-23T23:02:39.731000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84315	date:	2016-12-07T00:00:00
db:	BID	id:	77368	date:	2015-10-29T00:00:00
db:	JVNDB	id:	JVNDB-2015-005718	date:	2015-11-04T00:00:00
db:	CNNVD	id:	CNNVD-201510-802	date:	2015-11-02T00:00:00
db:	NVD	id:	CVE-2015-6354	date:	2024-11-21T02:34:50.480

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84315	date:	2015-10-31T00:00:00
db:	BID	id:	77368	date:	2015-10-29T00:00:00
db:	JVNDB	id:	JVNDB-2015-005718	date:	2015-11-04T00:00:00
db:	CNNVD	id:	CNNVD-201510-802	date:	2015-10-31T00:00:00
db:	NVD	id:	CVE-2015-6354	date:	2015-10-31T04:59:06.663