ID

VAR-201601-0044


CVE

CVE-2016-1300


TITLE

Cisco Unity Connection vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2016-001331

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by the following Cisco Bug IDs: CSCux82576, CSCux82582, CSCux82587, CSCux82590, CSCux82602, CSCux82608. The platform can use voice commands to make calls or listen to messages "hands-free".

Trust: 1.98

sources: NVD: CVE-2016-1300 // JVNDB: JVNDB-2016-001331 // BID: 82008 // VULHUB: VHN-90119

AFFECTED PRODUCTS

vendor: cisco, model: unity connection, scope: eq, version: 10.5\(2.3009\)

Trust: 1.6

vendor: cisco, model: unity connection, scope: eq, version: 10.5(2.3009)

Trust: 1.1

sources: BID: 82008 // JVNDB: JVNDB-2016-001331 // CNNVD: CNNVD-201601-657 // NVD: CVE-2016-1300

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1300
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1300
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201601-657
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90119
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1300
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90119
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1300
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-90119 // JVNDB: JVNDB-2016-001331 // CNNVD: CNNVD-201601-657 // NVD: CVE-2016-1300

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-90119 // JVNDB: JVNDB-2016-001331 // NVD: CVE-2016-1300

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-657

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201601-657

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001331

PATCH

title: cisco-sa-20160127-uc, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-uc

Trust: 0.8

sources: JVNDB: JVNDB-2016-001331

EXTERNAL IDS

db: NVD, id: CVE-2016-1300

Trust: 2.8

db: JVNDB, id: JVNDB-2016-001331

Trust: 0.8

db: CNNVD, id: CNNVD-201601-657

Trust: 0.7

db: BID, id: 82008

Trust: 0.4

db: VULHUB, id: VHN-90119

Trust: 0.1

sources: VULHUB: VHN-90119 // BID: 82008 // JVNDB: JVNDB-2016-001331 // CNNVD: CNNVD-201601-657 // NVD: CVE-2016-1300

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160127-uc

Trust: 2.0

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1300

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1300

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-90119 // BID: 82008 // JVNDB: JVNDB-2016-001331 // CNNVD: CNNVD-201601-657 // NVD: CVE-2016-1300

CREDITS

Cisco

Trust: 0.3

sources: BID: 82008

SOURCES

db: VULHUB, id: VHN-90119
db: BID, id: 82008
db: JVNDB, id: JVNDB-2016-001331
db: CNNVD, id: CNNVD-201601-657
db: NVD, id: CVE-2016-1300

LAST UPDATE DATE

2024-11-23T22:42:22.724000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90119, date: 2016-01-28T00:00:00
db: BID, id: 82008, date: 2016-01-27T00:00:00
db: JVNDB, id: JVNDB-2016-001331, date: 2016-01-29T00:00:00
db: CNNVD, id: CNNVD-201601-657, date: 2016-01-28T00:00:00
db: NVD, id: CVE-2016-1300, date: 2024-11-21T02:46:08.707

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90119, date: 2016-01-27T00:00:00
db: BID, id: 82008, date: 2016-01-27T00:00:00
db: JVNDB, id: JVNDB-2016-001331, date: 2016-01-29T00:00:00
db: CNNVD, id: CNNVD-201601-657, date: 2016-01-28T00:00:00
db: NVD, id: CVE-2016-1300, date: 2016-01-27T22:59:03.770