ID

VAR-201603-0029


CVE

CVE-2016-1314


TITLE

Cisco Unified Communications Domain Manager Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2016-001914

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (CDM) 8.1(1) allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux80760. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCux80760. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. A cross-site scripting vulnerability exists in CUCDM version 8.1(1).

Trust: 1.98

sources: NVD: CVE-2016-1314 // JVNDB: JVNDB-2016-001914 // BID: 85690 // VULHUB: VHN-90133

AFFECTED PRODUCTS

vendor: sun, model: opensolaris, scope: eq, version: snv_124

Trust: 1.0

vendor: cisco, model: unified communications domain manager, scope: eq, version: 8.1(1)

Trust: 0.8

vendor: cisco, model: unified communications domain manager, scope: eq, version: 8.1(.1)

Trust: 0.6

sources: JVNDB: JVNDB-2016-001914 // CNNVD: CNNVD-201603-399 // NVD: CVE-2016-1314

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-1314
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1314
value: LOW

Trust: 0.8

CNNVD: CNNVD-201603-399
value: LOW

Trust: 0.6

VULHUB: VHN-90133
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-1314
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90133
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-1314
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-90133 // JVNDB: JVNDB-2016-001914 // CNNVD: CNNVD-201603-399 // NVD: CVE-2016-1314

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-90133 // JVNDB: JVNDB-2016-001914 // NVD: CVE-2016-1314

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201603-399

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201603-399

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001914

PATCH

title: cisco-sa-20160328-ucdm, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160328-ucdm

Trust: 0.8

title: Cisco Unified Communications Domain Manager Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60707

Trust: 0.6

sources: JVNDB: JVNDB-2016-001914 // CNNVD: CNNVD-201603-399

EXTERNAL IDS

db: NVD, id: CVE-2016-1314

Trust: 2.8

db: SECTRACK, id: 1035425

Trust: 1.1

db: JVNDB, id: JVNDB-2016-001914

Trust: 0.8

db: CNNVD, id: CNNVD-201603-399

Trust: 0.7

db: BID, id: 85690

Trust: 0.4

db: VULHUB, id: VHN-90133

Trust: 0.1

sources: VULHUB: VHN-90133 // BID: 85690 // JVNDB: JVNDB-2016-001914 // CNNVD: CNNVD-201603-399 // NVD: CVE-2016-1314

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160328-ucdm

Trust: 1.7

url:http://www.securitytracker.com/id/1035425

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1314

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1314

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-90133 // BID: 85690 // JVNDB: JVNDB-2016-001914 // CNNVD: CNNVD-201603-399 // NVD: CVE-2016-1314

CREDITS

Cisco

Trust: 0.3

sources: BID: 85690

SOURCES

db: VULHUB, id: VHN-90133
db: BID, id: 85690
db: JVNDB, id: JVNDB-2016-001914
db: CNNVD, id: CNNVD-201603-399
db: NVD, id: CVE-2016-1314

LAST UPDATE DATE

2024-11-23T22:22:46.951000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90133, date: 2016-12-03T00:00:00
db: BID, id: 85690, date: 2016-07-05T22:02:00
db: JVNDB, id: JVNDB-2016-001914, date: 2016-03-30T00:00:00
db: CNNVD, id: CNNVD-201603-399, date: 2016-03-29T00:00:00
db: NVD, id: CVE-2016-1314, date: 2024-11-21T02:46:10.243

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90133, date: 2016-03-28T00:00:00
db: BID, id: 85690, date: 2016-03-28T00:00:00
db: JVNDB, id: JVNDB-2016-001914, date: 2016-03-30T00:00:00
db: CNNVD, id: CNNVD-201603-399, date: 2016-03-29T00:00:00
db: NVD, id: CVE-2016-1314, date: 2016-03-28T23:59:01.517