ID

VAR-201602-0051


CVE

CVE-2016-1310


TITLE

Cisco Unity Connection vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2016-001494

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy09033. Cisco Unity Connection (UC) is a voice message platform from Cisco. The platform can use voice commands to make calls or listen to messages in a “hands-free” manner. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuy09033.

Trust: 2.52

sources: NVD: CVE-2016-1310 // JVNDB: JVNDB-2016-001494 // CNVD: CNVD-2016-01055 // BID: 82634 // VULHUB: VHN-90129

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-01055

AFFECTED PRODUCTS

vendor: cisco, model: unity connection, scope: eq, version: 11.5(0.199)

Trust: 1.4

vendor: sun, model: opensolaris, scope: eq, version: snv_124

Trust: 1.0

vendor: cisco, model: unity connection, scope: eq, version: 11.5(0.199)

Trust: 0.6

sources: CNVD: CNVD-2016-01055 // JVNDB: JVNDB-2016-001494 // CNNVD: CNNVD-201602-133 // NVD: CVE-2016-1310

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1310
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1310
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-01055
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201602-133
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90129
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1310
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-01055
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-90129
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1310
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2016-01055 // VULHUB: VHN-90129 // JVNDB: JVNDB-2016-001494 // CNNVD: CNNVD-201602-133 // NVD: CVE-2016-1310

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-90129 // JVNDB: JVNDB-2016-001494 // NVD: CVE-2016-1310

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-133

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201602-133

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001494

PATCH

title: cisco-sa-20160203-uc, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-uc

Trust: 0.8

sources: JVNDB: JVNDB-2016-001494

EXTERNAL IDS

db: NVD, id: CVE-2016-1310

Trust: 3.4

db: SECTRACK, id: 1034937

Trust: 1.1

db: BID, id: 82634

Trust: 0.9

db: JVNDB, id: JVNDB-2016-001494

Trust: 0.8

db: CNNVD, id: CNNVD-201602-133

Trust: 0.7

db: CNVD, id: CNVD-2016-01055

Trust: 0.6

db: VULHUB, id: VHN-90129

Trust: 0.1

sources: CNVD: CNVD-2016-01055 // VULHUB: VHN-90129 // BID: 82634 // JVNDB: JVNDB-2016-001494 // CNNVD: CNNVD-201602-133 // NVD: CVE-2016-1310

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160203-uc

Trust: 2.6

url: http://www.securitytracker.com/id/1034937

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1310

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1310

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2016-01055 // VULHUB: VHN-90129 // BID: 82634 // JVNDB: JVNDB-2016-001494 // CNNVD: CNNVD-201602-133 // NVD: CVE-2016-1310

CREDITS

Cisco

Trust: 0.3

sources: BID: 82634

SOURCES

db: CNVD, id: CNVD-2016-01055
db: VULHUB, id: VHN-90129
db: BID, id: 82634
db: JVNDB, id: JVNDB-2016-001494
db: CNNVD, id: CNNVD-201602-133
db: NVD, id: CVE-2016-1310

LAST UPDATE DATE

2024-11-23T22:01:34.593000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-01055, date: 2016-02-17T00:00:00
db: VULHUB, id: VHN-90129, date: 2016-12-06T00:00:00
db: BID, id: 82634, date: 2016-07-05T21:22:00
db: JVNDB, id: JVNDB-2016-001494, date: 2016-02-25T00:00:00
db: CNNVD, id: CNNVD-201602-133, date: 2016-02-15T00:00:00
db: NVD, id: CVE-2016-1310, date: 2024-11-21T02:46:09.797

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-01055, date: 2016-02-17T00:00:00
db: VULHUB, id: VHN-90129, date: 2016-02-06T00:00:00
db: BID, id: 82634, date: 2016-02-03T00:00:00
db: JVNDB, id: JVNDB-2016-001494, date: 2016-02-25T00:00:00
db: CNNVD, id: CNNVD-201602-133, date: 2016-02-14T00:00:00
db: NVD, id: CVE-2016-1310, date: 2016-02-06T05:59:04.387