ID

VAR-201601-0051


CVE

CVE-2016-1293


TITLE

Cisco FireSIGHT System Software Management Center vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2016-001300

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCux40414. Cisco FireSIGHT Management Center centrally manages the network security and operational features of Cisco ASA with FirePOWER Services and Cisco FirePOWER appliances. Management Center is one of the management center components

Trust: 2.25

sources: NVD: CVE-2016-1293 // JVNDB: JVNDB-2016-001300 // CNVD: CNVD-2016-00386 // VULHUB: VHN-90112

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-00386

AFFECTED PRODUCTS

vendor: cisco, model: firesight system software, scope: eq, version: 6.0.0

Trust: 3.0

vendor: cisco, model: firesight system software, scope: eq, version: 6.0.1

Trust: 3.0

sources: CNVD: CNVD-2016-00386 // JVNDB: JVNDB-2016-001300 // CNNVD: CNNVD-201601-347 // NVD: CVE-2016-1293

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1293
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1293
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-00386
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201601-347
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90112
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1293
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-00386
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-90112
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1293
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2016-00386 // VULHUB: VHN-90112 // JVNDB: JVNDB-2016-001300 // CNNVD: CNNVD-201601-347 // NVD: CVE-2016-1293

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-90112 // JVNDB: JVNDB-2016-001300 // NVD: CVE-2016-1293

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-347

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201601-347

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001300

PATCH

title: cisco-sa-20160115-FireSIGHT
url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-FireSIGHT

Trust: 0.8

title: Patch for Cisco FireSIGHT System Software Cross-Site Scripting Vulnerability (CNVD-2016-00386)
url: https://www.cnvd.org.cn/patchInfo/show/70318

Trust: 0.6

title: Cisco FireSIGHT System Software Management Center Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59665

Trust: 0.6

sources: CNVD: CNVD-2016-00386 // JVNDB: JVNDB-2016-001300 // CNNVD: CNNVD-201601-347

EXTERNAL IDS

db: NVD, id: CVE-2016-1293

Trust: 3.1

db: SECTRACK, id: 1034689

Trust: 1.1

db: JVNDB, id: JVNDB-2016-001300

Trust: 0.8

db: CNNVD, id: CNNVD-201601-347

Trust: 0.7

db: CNVD, id: CNVD-2016-00386

Trust: 0.6

db: VULHUB, id: VHN-90112

Trust: 0.1

sources: CNVD: CNVD-2016-00386 // VULHUB: VHN-90112 // JVNDB: JVNDB-2016-001300 // CNNVD: CNNVD-201601-347 // NVD: CVE-2016-1293

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160115-firesight

Trust: 1.7

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1293

Trust: 1.4

url: http://www.securitytracker.com/id/1034689

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1293

Trust: 0.8

sources: CNVD: CNVD-2016-00386 // VULHUB: VHN-90112 // JVNDB: JVNDB-2016-001300 // CNNVD: CNNVD-201601-347 // NVD: CVE-2016-1293

SOURCES

db: CNVD, id: CNVD-2016-00386
db: VULHUB, id: VHN-90112
db: JVNDB, id: JVNDB-2016-001300
db: CNNVD, id: CNNVD-201601-347
db: NVD, id: CVE-2016-1293

LAST UPDATE DATE

2024-11-23T22:38:46.161000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-00386, date: 2016-01-21T00:00:00
db: VULHUB, id: VHN-90112, date: 2016-12-07T00:00:00
db: JVNDB, id: JVNDB-2016-001300, date: 2016-01-26T00:00:00
db: CNNVD, id: CNNVD-201601-347, date: 2016-01-18T00:00:00
db: NVD, id: CVE-2016-1293, date: 2024-11-21T02:46:07.853

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-00386, date: 2016-01-21T00:00:00
db: VULHUB, id: VHN-90112, date: 2016-01-16T00:00:00
db: JVNDB, id: JVNDB-2016-001300, date: 2016-01-26T00:00:00
db: CNNVD, id: CNNVD-201601-347, date: 2016-01-18T00:00:00
db: NVD, id: CVE-2016-1293, date: 2016-01-16T05:59:05.440