ID

VAR-201511-0214


CVE

CVE-2015-6363


TITLE

Cross-site scripting vulnerability in the web framework of Cisco FireSIGHT Management Center

Trust: 0.8

sources: JVNDB: JVNDB-2015-005917

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco FireSIGHT Management Center (MC) 5.4.1.4 and 6.0.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuw88396. The Cisco FireSIGHT Management Center is a suite of management software from Cisco, Inc. that supports centralized management of network security and operational features of Cisco ASA and Cisco FirePOWER network security appliances using FirePOWER Services. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug IDs CSCuw88390 and CSCuw88396.

Trust: 2.52

sources: NVD: CVE-2015-6363 // JVNDB: JVNDB-2015-005917 // CNVD: CNVD-2015-07583 // BID: 77552 // VULHUB: VHN-84324

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-07583

AFFECTED PRODUCTS

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.1.4

Trust: 2.4

vendor: cisco, model: firesight system software, scope: eq, version: 6.0.1

Trust: 2.4

vendor: cisco, model: firesight management center, scope: eq, version: 5.4.1.4

Trust: 0.9

vendor: cisco, model: firesight management center, scope: eq, version: 6.0.1

Trust: 0.9

sources: CNVD: CNVD-2015-07583 // BID: 77552 // JVNDB: JVNDB-2015-005917 // CNNVD: CNNVD-201511-232 // NVD: CVE-2015-6363

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6363
value: LOW

Trust: 1.0

NVD: CVE-2015-6363
value: LOW

Trust: 0.8

CNVD: CNVD-2015-07583
value: LOW

Trust: 0.6

CNNVD: CNNVD-201511-232
value: LOW

Trust: 0.6

VULHUB: VHN-84324
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-6363
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-07583
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-84324
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-07583 // VULHUB: VHN-84324 // JVNDB: JVNDB-2015-005917 // CNNVD: CNNVD-201511-232 // NVD: CVE-2015-6363

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-84324 // JVNDB: JVNDB-2015-005917 // NVD: CVE-2015-6363

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-232

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201511-232

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005917

PATCH

title: cisco-sa-20151111-fmc, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151111-fmc

Trust: 0.8

title: Patch for Multiple Cross-Site Scripting Vulnerabilities in Cisco FireSIGHT Management Center, url: https://www.cnvd.org.cn/patchInfo/show/66828

Trust: 0.6

title: Cisco FireSIGHT Management Center Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58725

Trust: 0.6

sources: CNVD: CNVD-2015-07583 // JVNDB: JVNDB-2015-005917 // CNNVD: CNNVD-201511-232

EXTERNAL IDS

db: NVD, id: CVE-2015-6363

Trust: 3.4

db: SECTRACK, id: 1034138

Trust: 1.1

db: JVNDB, id: JVNDB-2015-005917

Trust: 0.8

db: CNNVD, id: CNNVD-201511-232

Trust: 0.7

db: CNVD, id: CNVD-2015-07583

Trust: 0.6

db: BID, id: 77552

Trust: 0.4

db: SEEBUG, id: SSVID-89841

Trust: 0.1

db: VULHUB, id: VHN-84324

Trust: 0.1

sources: CNVD: CNVD-2015-07583 // VULHUB: VHN-84324 // BID: 77552 // JVNDB: JVNDB-2015-005917 // CNNVD: CNNVD-201511-232 // NVD: CVE-2015-6363

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151111-fmc

Trust: 2.6

url: http://www.securitytracker.com/id/1034138

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6363

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6363

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2015-07583 // VULHUB: VHN-84324 // BID: 77552 // JVNDB: JVNDB-2015-005917 // CNNVD: CNNVD-201511-232 // NVD: CVE-2015-6363

CREDITS

Cisco

Trust: 0.3

sources: BID: 77552

SOURCES

db: CNVD, id: CNVD-2015-07583
db: VULHUB, id: VHN-84324
db: BID, id: 77552
db: JVNDB, id: JVNDB-2015-005917
db: CNNVD, id: CNNVD-201511-232
db: NVD, id: CVE-2015-6363

LAST UPDATE DATE

2024-11-23T22:56:23.622000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-07583, date: 2015-11-17T00:00:00
db: VULHUB, id: VHN-84324, date: 2016-12-07T00:00:00
db: BID, id: 77552, date: 2015-11-11T00:00:00
db: JVNDB, id: JVNDB-2015-005917, date: 2015-11-16T00:00:00
db: CNNVD, id: CNNVD-201511-232, date: 2015-11-13T00:00:00
db: NVD, id: CVE-2015-6363, date: 2024-11-21T02:34:51.617

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2015-07583, date: 2015-11-17T00:00:00
db: VULHUB, id: VHN-84324, date: 2015-11-12T00:00:00
db: BID, id: 77552, date: 2015-11-11T00:00:00
db: JVNDB, id: JVNDB-2015-005917, date: 2015-11-16T00:00:00
db: CNNVD, id: CNNVD-201511-232, date: 2015-11-13T00:00:00
db: NVD, id: CVE-2015-6363, date: 2015-11-12T03:59:01.293