ID

VAR-201602-0047


CVE

CVE-2016-1306


TITLE

Cisco Fog Director Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-00880 // CNNVD: CNNVD-201602-047

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466. Cisco Fog Director contains a cross-site scripting vulnerability. When a user views the malicious data, the attacker can obtain sensitive information or hijack user sessions. Cisco Fog Director is an automated management platform for centralized management of multiple applications running on the edge of the network. The platform controls application settings and lifecycles, and supports access and monitoring of large-scale IoT deployments. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked as Cisco Bug ID CSCux80466.

Trust: 3.06

sources: NVD: CVE-2016-1306 // JVNDB: JVNDB-2016-001414 // CNVD: CNVD-2016-00880 // CNNVD: CNNVD-201602-047 // BID: 82306 // VULHUB: VHN-90125

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-00880

AFFECTED PRODUCTS

vendor: cisco, model: fog director, scope: eq, version: 1.0(0)

Trust: 1.7

vendor: sun, model: opensolaris, scope: eq, version: snv_124

Trust: 1.0

vendor: cisco, model: fog director, scope: eq, version: 1.0\\\(0\\\)

Trust: 0.6

sources: CNVD: CNVD-2016-00880 // BID: 82306 // JVNDB: JVNDB-2016-001414 // CNNVD: CNNVD-201602-047 // NVD: CVE-2016-1306

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1306
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1306
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-00880
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201602-047
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90125
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1306
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-00880
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-90125
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1306
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2016-00880 // VULHUB: VHN-90125 // JVNDB: JVNDB-2016-001414 // CNNVD: CNNVD-201602-047 // NVD: CVE-2016-1306

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-90125 // JVNDB: JVNDB-2016-001414 // NVD: CVE-2016-1306

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-047

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201602-047

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001414

PATCH

title: cisco-sa-20160201-fd, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-fd

Trust: 0.8

sources: JVNDB: JVNDB-2016-001414

EXTERNAL IDS

db: NVD, id: CVE-2016-1306

Trust: 3.4

db: BID, id: 82306

Trust: 1.6

db: JVNDB, id: JVNDB-2016-001414

Trust: 0.8

db: CNNVD, id: CNNVD-201602-047

Trust: 0.7

db: CNVD, id: CNVD-2016-00880

Trust: 0.6

db: VULHUB, id: VHN-90125

Trust: 0.1

sources: CNVD: CNVD-2016-00880 // VULHUB: VHN-90125 // BID: 82306 // JVNDB: JVNDB-2016-001414 // CNNVD: CNNVD-201602-047 // NVD: CVE-2016-1306

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160201-fd

Trust: 2.0

url:http://www.securityfocus.com/bid/82306

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1306

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1306

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2016-00880 // VULHUB: VHN-90125 // BID: 82306 // JVNDB: JVNDB-2016-001414 // CNNVD: CNNVD-201602-047 // NVD: CVE-2016-1306

CREDITS

Cisco

Trust: 0.9

sources: BID: 82306 // CNNVD: CNNVD-201602-047

SOURCES

db: CNVD, id: CNVD-2016-00880
db: VULHUB, id: VHN-90125
db: BID, id: 82306
db: JVNDB, id: JVNDB-2016-001414
db: CNNVD, id: CNNVD-201602-047
db: NVD, id: CVE-2016-1306

LAST UPDATE DATE

2024-11-23T22:34:51.170000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-00880, date: 2016-02-15T00:00:00
db: VULHUB, id: VHN-90125, date: 2016-02-16T00:00:00
db: BID, id: 82306, date: 2016-02-01T00:00:00
db: JVNDB, id: JVNDB-2016-001414, date: 2016-02-17T00:00:00
db: CNNVD, id: CNNVD-201602-047, date: 2016-02-15T00:00:00
db: NVD, id: CVE-2016-1306, date: 2024-11-21T02:46:09.367

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-00880, date: 2016-02-15T00:00:00
db: VULHUB, id: VHN-90125, date: 2016-02-06T00:00:00
db: BID, id: 82306, date: 2016-02-01T00:00:00
db: JVNDB, id: JVNDB-2016-001414, date: 2016-02-17T00:00:00
db: CNNVD, id: CNNVD-201602-047, date: 2016-02-03T00:00:00
db: NVD, id: CVE-2016-1306, date: 2016-02-06T05:59:03.370