ID

VAR-201603-0284


CVE

CVE-2016-1355


TITLE

Cross-site scripting vulnerability in the management interface of Cisco FireSIGHT System Software

Trust: 0.8

sources: JVNDB: JVNDB-2016-001588

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687. Cisco FireSIGHT System Software is Cisco's management center software, which supports centralized management of the network security and operational functions of Cisco ASA and Cisco FirePOWER network security devices that use FirePOWER Services.

Trust: 1.71

sources: NVD: CVE-2016-1355 // JVNDB: JVNDB-2016-001588 // VULHUB: VHN-90174

AFFECTED PRODUCTS

vendor: cisco, model: firesight system software, scope: eq, version: 6.1.0

Trust: 2.4

sources: JVNDB: JVNDB-2016-001588 // CNNVD: CNNVD-201603-014 // NVD: CVE-2016-1355

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1355
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1355
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201603-014
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90174
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1355
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90174
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1355
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-90174 // JVNDB: JVNDB-2016-001588 // CNNVD: CNNVD-201603-014 // NVD: CVE-2016-1355

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-90174 // JVNDB: JVNDB-2016-001588 // NVD: CVE-2016-1355

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201603-014

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201603-014

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001588

PATCH

title: cisco-sa-20160302-FireSIGHT, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT

Trust: 0.8

sources: JVNDB: JVNDB-2016-001588

EXTERNAL IDS

db: NVD, id: CVE-2016-1355

Trust: 2.5

db: SECTRACK, id: 1035188

Trust: 1.1

db: JVNDB, id: JVNDB-2016-001588

Trust: 0.8

db: CNNVD, id: CNNVD-201603-014

Trust: 0.7

db: VULHUB, id: VHN-90174

Trust: 0.1

sources: VULHUB: VHN-90174 // JVNDB: JVNDB-2016-001588 // CNNVD: CNNVD-201603-014 // NVD: CVE-2016-1355

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160302-firesight

Trust: 1.7

url: http://www.securitytracker.com/id/1035188

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1355

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1355

Trust: 0.8

sources: VULHUB: VHN-90174 // JVNDB: JVNDB-2016-001588 // CNNVD: CNNVD-201603-014 // NVD: CVE-2016-1355

SOURCES

db: VULHUB, id: VHN-90174
db: JVNDB, id: JVNDB-2016-001588
db: CNNVD, id: CNNVD-201603-014
db: NVD, id: CVE-2016-1355

LAST UPDATE DATE

2024-11-23T22:38:45.449000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90174, date: 2016-12-03T00:00:00
db: JVNDB, id: JVNDB-2016-001588, date: 2016-03-07T00:00:00
db: CNNVD, id: CNNVD-201603-014, date: 2016-03-04T00:00:00
db: NVD, id: CVE-2016-1355, date: 2024-11-21T02:46:14.717

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90174, date: 2016-03-03T00:00:00
db: JVNDB, id: JVNDB-2016-001588, date: 2016-03-07T00:00:00
db: CNNVD, id: CNNVD-201603-014, date: 2016-03-03T00:00:00
db: NVD, id: CVE-2016-1355, date: 2016-03-03T15:59:01.743