ID

VAR-201512-0407


CVE

CVE-2015-6400


TITLE

Cisco Emergency Responder vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2015-006383

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547. Cisco Emergency Responder contains a cross-site scripting vulnerability. The Cisco Emergency Responder real-time location address tracking database and enhanced routing capabilities allow emergency calls to be directly transferred to the appropriate Public Safety Answering Point (PSAP) based on the caller's location. An attacker could exploit the vulnerability to perform a stored cross-site scripting attack against a user of the web interface by entering malicious code into the affected form. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuv25547. The software provides features such as real-time location tracking database and caller's location

Trust: 2.52

sources: NVD: CVE-2015-6400 // JVNDB: JVNDB-2015-006383 // CNVD: CNVD-2015-08365 // BID: 78878 // VULHUB: VHN-84361

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-08365

AFFECTED PRODUCTS

vendor: cisco, model: emergency responder, scope: eq, version: 10.5\(1a\)

Trust: 1.6

vendor: cisco, model: emergency responder 10.5, scope: -, version: -

Trust: 0.9

vendor: cisco, model: emergency responder software, scope: eq, version: 10.5(1a)

Trust: 0.8

sources: CNVD: CNVD-2015-08365 // BID: 78878 // JVNDB: JVNDB-2015-006383 // CNNVD: CNNVD-201512-398 // NVD: CVE-2015-6400

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6400
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6400
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-08365
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201512-398
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84361
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6400
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-08365
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-84361
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-08365 // VULHUB: VHN-84361 // JVNDB: JVNDB-2015-006383 // CNNVD: CNNVD-201512-398 // NVD: CVE-2015-6400

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-84361 // JVNDB: JVNDB-2015-006383 // NVD: CVE-2015-6400

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-398

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201512-398

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006383

PATCH

title: cisco-sa-20151210-cer, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-cer

Trust: 0.8

sources: JVNDB: JVNDB-2015-006383

EXTERNAL IDS

db: NVD, id: CVE-2015-6400

Trust: 3.4

db: BID, id: 78878

Trust: 1.4

db: JVNDB, id: JVNDB-2015-006383

Trust: 0.8

db: CNNVD, id: CNNVD-201512-398

Trust: 0.7

db: CNVD, id: CNVD-2015-08365

Trust: 0.6

db: VULHUB, id: VHN-84361

Trust: 0.1

sources: CNVD: CNVD-2015-08365 // VULHUB: VHN-84361 // BID: 78878 // JVNDB: JVNDB-2015-006383 // CNNVD: CNNVD-201512-398 // NVD: CVE-2015-6400

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151210-cer

Trust: 2.6

url: http://www.securityfocus.com/bid/78878

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6400

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6400

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2015-08365 // VULHUB: VHN-84361 // BID: 78878 // JVNDB: JVNDB-2015-006383 // CNNVD: CNNVD-201512-398 // NVD: CVE-2015-6400

CREDITS

Cisco

Trust: 0.3

sources: BID: 78878

SOURCES

db: CNVD, id: CNVD-2015-08365
db: VULHUB, id: VHN-84361
db: BID, id: 78878
db: JVNDB, id: JVNDB-2015-006383
db: CNNVD, id: CNNVD-201512-398
db: NVD, id: CVE-2015-6400

LAST UPDATE DATE

2024-11-23T22:01:39.561000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-08365, date: 2015-12-22T00:00:00
db: VULHUB, id: VHN-84361, date: 2016-11-28T00:00:00
db: BID, id: 78878, date: 2015-12-10T00:00:00
db: JVNDB, id: JVNDB-2015-006383, date: 2015-12-16T00:00:00
db: CNNVD, id: CNNVD-201512-398, date: 2015-12-14T00:00:00
db: NVD, id: CVE-2015-6400, date: 2024-11-21T02:34:55.770

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2015-08365, date: 2015-12-22T00:00:00
db: VULHUB, id: VHN-84361, date: 2015-12-13T00:00:00
db: BID, id: 78878, date: 2015-12-10T00:00:00
db: JVNDB, id: JVNDB-2015-006383, date: 2015-12-16T00:00:00
db: CNNVD, id: CNNVD-201512-398, date: 2015-12-14T00:00:00
db: NVD, id: CVE-2015-6400, date: 2015-12-13T03:59:02.877