Details of VAR-201608-0228

ID

VAR-201608-0228

CVE

CVE-2016-6365

TITLE

Cisco Firepower Management Center Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2016-004444

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCur25508 and CSCur25518. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. This issue is being tracked by Cisco Bug IDs CSCur25508 and CSCur25518

Trust: 1.98

sources: NVD: CVE-2016-6365 // JVNDB: JVNDB-2016-004444 // BID: 92510 // VULHUB: VHN-95185

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.3.1	Trust: 1.7
vendor:	cisco	model:	firepower management center	scope:	eq	version:	4.10.3	Trust: 1.7
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.3.0.2	Trust: 1.7
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.2.0	Trust: 1.4
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.3.0	Trust: 1.4
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.4.0	Trust: 1.4
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	4.10.3	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	5.3.0	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	5.3.1	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	5.3.0.2	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	5.2.0	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	5.4.0	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.4	Trust: 0.3
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.3	Trust: 0.3
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.2	Trust: 0.3

sources: BID: 92510 // JVNDB: JVNDB-2016-004444 // CNNVD: CNNVD-201608-334 // NVD: CVE-2016-6365

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-6365
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-6365
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201608-334
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-95185
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-6365
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-95185
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-6365
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-95185 // JVNDB: JVNDB-2016-004444 // CNNVD: CNNVD-201608-334 // NVD: CVE-2016-6365

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-95185 // JVNDB: JVNDB-2016-004444 // NVD: CVE-2016-6365

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-334

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201608-334

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004444

PATCH

title:	cisco-sa-20160817-firepowermc	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepowermc	Trust: 0.8
title:	Cisco Firepower Management Center Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63700	Trust: 0.6

sources: JVNDB: JVNDB-2016-004444 // CNNVD: CNNVD-201608-334

EXTERNAL IDS

db:	NVD	id:	CVE-2016-6365	Trust: 2.8
db:	BID	id:	92510	Trust: 2.0
db:	JVNDB	id:	JVNDB-2016-004444	Trust: 0.8
db:	CNNVD	id:	CNNVD-201608-334	Trust: 0.7
db:	VULHUB	id:	VHN-95185	Trust: 0.1

sources: VULHUB: VHN-95185 // BID: 92510 // JVNDB: JVNDB-2016-004444 // CNNVD: CNNVD-201608-334 // NVD: CVE-2016-6365

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160817-firepowermc	Trust: 2.0
url:	http://www.securityfocus.com/bid/92510	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6365	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6365	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-95185 // BID: 92510 // JVNDB: JVNDB-2016-004444 // CNNVD: CNNVD-201608-334 // NVD: CVE-2016-6365

CREDITS

Cisco

Trust: 0.9

sources: BID: 92510 // CNNVD: CNNVD-201608-334

SOURCES

db:	VULHUB	id:	VHN-95185
db:	BID	id:	92510
db:	JVNDB	id:	JVNDB-2016-004444
db:	CNNVD	id:	CNNVD-201608-334
db:	NVD	id:	CVE-2016-6365

LAST UPDATE DATE

2024-11-27T23:03:22.897000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-95185	date:	2016-12-12T00:00:00
db:	BID	id:	92510	date:	2016-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2016-004444	date:	2016-08-24T00:00:00
db:	CNNVD	id:	CNNVD-201608-334	date:	2016-08-24T00:00:00
db:	NVD	id:	CVE-2016-6365	date:	2024-11-26T16:09:02.407

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-95185	date:	2016-08-23T00:00:00
db:	BID	id:	92510	date:	2016-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2016-004444	date:	2016-08-24T00:00:00
db:	CNNVD	id:	CNNVD-201608-334	date:	2016-08-18T00:00:00
db:	NVD	id:	CVE-2016-6365	date:	2016-08-23T02:11:04.960