ID

VAR-201602-0050


CVE

CVE-2016-1309


TITLE

Cisco WebEx Meetings Server vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2016-001502

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy01843. Cisco WebEx Meetings Server contains a cross-site scripting vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug IDs CSCuy01843, CSCuy03489, CSCuy03502 and CSCuy12322. Cisco WebEx Meetings Server (CWMS) is a multi-functional conferencing solution in Cisco's WebEx conferencing product line that provides audio, video and web conferencing.

Trust: 1.98

sources: NVD: CVE-2016-1309 // JVNDB: JVNDB-2016-001502 // BID: 82450 // VULHUB: VHN-90128

AFFECTED PRODUCTS

vendor: cisco
model: webex meetings server
scope: eq
version: 2.5.1.5

Trust: 2.4

sources: JVNDB: JVNDB-2016-001502 // CNNVD: CNNVD-201602-145 // NVD: CVE-2016-1309

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1309
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1309
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201602-145
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90128
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1309
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90128
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1309
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-90128 // JVNDB: JVNDB-2016-001502 // CNNVD: CNNVD-201602-145 // NVD: CVE-2016-1309

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-90128 // JVNDB: JVNDB-2016-001502 // NVD: CVE-2016-1309

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-145

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201602-145

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001502

PATCH

title: cisco-sa-20160202-wms
url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-wms

Trust: 0.8

title: Cisco WebEx Meetings Server Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60092

Trust: 0.6

sources: JVNDB: JVNDB-2016-001502 // CNNVD: CNNVD-201602-145

EXTERNAL IDS

db: NVD, id: CVE-2016-1309

Trust: 2.8

db: SECTRACK, id: 1034919

Trust: 1.1

db: JVNDB, id: JVNDB-2016-001502

Trust: 0.8

db: CNNVD, id: CNNVD-201602-145

Trust: 0.7

db: BID, id: 82450

Trust: 0.4

db: VULHUB, id: VHN-90128

Trust: 0.1

sources: VULHUB: VHN-90128 // BID: 82450 // JVNDB: JVNDB-2016-001502 // CNNVD: CNNVD-201602-145 // NVD: CVE-2016-1309

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160202-wms

Trust: 2.0

url: http://www.securitytracker.com/id/1034919

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1309

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1309

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

url: http://www.cisco.com/en/us/products/ps12732/index.html

Trust: 0.3

sources: VULHUB: VHN-90128 // BID: 82450 // JVNDB: JVNDB-2016-001502 // CNNVD: CNNVD-201602-145 // NVD: CVE-2016-1309

CREDITS

Adam Willard of Raytheon Foreground Security

Trust: 0.3

sources: BID: 82450

SOURCES

db: VULHUB, id: VHN-90128
db: BID, id: 82450
db: JVNDB, id: JVNDB-2016-001502
db: CNNVD, id: CNNVD-201602-145
db: NVD, id: CVE-2016-1309

LAST UPDATE DATE

2024-11-23T22:07:52.544000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90128, date: 2016-12-06T00:00:00
db: BID, id: 82450, date: 2016-07-05T21:23:00
db: JVNDB, id: JVNDB-2016-001502, date: 2016-02-26T00:00:00
db: CNNVD, id: CNNVD-201602-145, date: 2016-02-15T00:00:00
db: NVD, id: CVE-2016-1309, date: 2024-11-21T02:46:09.690

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90128, date: 2016-02-07T00:00:00
db: BID, id: 82450, date: 2016-02-02T00:00:00
db: JVNDB, id: JVNDB-2016-001502, date: 2016-02-26T00:00:00
db: CNNVD, id: CNNVD-201602-145, date: 2016-02-14T00:00:00
db: NVD, id: CVE-2016-1309, date: 2016-02-07T11:59:05.710