ID

VAR-201608-0242


CVE

CVE-2016-1476


TITLE

Cisco IP Phone 8800 Series Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-06314 // CNNVD: CNNVD-201608-223

DESCRIPTION

Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuz03024.

Trust: 2.52

sources: NVD: CVE-2016-1476 // JVNDB: JVNDB-2016-004429 // CNVD: CNVD-2016-06314 // BID: 92404 // VULHUB: VHN-90295

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-06314

AFFECTED PRODUCTS

vendor: cisco, model: ip phone 8800 series, scope: eq, version: 11.0_base

Trust: 1.6

vendor: cisco, model: ip phone 8800 series, scope: eq, version: 11.0

Trust: 0.8

vendor: cisco, model: ip phone, scope: eq, version: 8800

Trust: 0.6

vendor: cisco, model: ip phone series, scope: eq, version: 880011.0

Trust: 0.3

sources: CNVD: CNVD-2016-06314 // BID: 92404 // JVNDB: JVNDB-2016-004429 // CNNVD: CNNVD-201608-223 // NVD: CVE-2016-1476

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-1476
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1476
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-06314
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201608-223
value: LOW

Trust: 0.6

VULHUB: VHN-90295
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-1476
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-06314
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-90295
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-1476
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-06314 // VULHUB: VHN-90295 // JVNDB: JVNDB-2016-004429 // CNNVD: CNNVD-201608-223 // NVD: CVE-2016-1476

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-90295 // JVNDB: JVNDB-2016-004429 // NVD: CVE-2016-1476

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-223

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201608-223

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004429

PATCH

title: cisco-sa-20160810-ip-phone-8800, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-ip-phone-8800

Trust: 0.8

title: Patch for Cisco IP Phone 8800 Series Cross-Site Scripting Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/80428

Trust: 0.6

sources: CNVD: CNVD-2016-06314 // JVNDB: JVNDB-2016-004429

EXTERNAL IDS

db: NVD, id: CVE-2016-1476

Trust: 3.4

db: BID, id: 92404

Trust: 2.6

db: SECTRACK, id: 1036595

Trust: 1.1

db: JVNDB, id: JVNDB-2016-004429

Trust: 0.8

db: CNNVD, id: CNNVD-201608-223

Trust: 0.7

db: CNVD, id: CNVD-2016-06314

Trust: 0.6

db: VULHUB, id: VHN-90295

Trust: 0.1

sources: CNVD: CNVD-2016-06314 // VULHUB: VHN-90295 // BID: 92404 // JVNDB: JVNDB-2016-004429 // CNNVD: CNNVD-201608-223 // NVD: CVE-2016-1476

REFERENCES

url:http://www.securityfocus.com/bid/92404

Trust: 2.3

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160810-ip-phone-8800

Trust: 2.0

url:http://www.securitytracker.com/id/1036595

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1476

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1476

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2016-06314 // VULHUB: VHN-90295 // BID: 92404 // JVNDB: JVNDB-2016-004429 // CNNVD: CNNVD-201608-223 // NVD: CVE-2016-1476

CREDITS

Cisco

Trust: 0.9

sources: BID: 92404 // CNNVD: CNNVD-201608-223

SOURCES

db: CNVD, id: CNVD-2016-06314
db: VULHUB, id: VHN-90295
db: BID, id: 92404
db: JVNDB, id: JVNDB-2016-004429
db: CNNVD, id: CNNVD-201608-223
db: NVD, id: CVE-2016-1476

LAST UPDATE DATE

2024-11-23T22:34:49.020000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-06314, date: 2016-08-15T00:00:00
db: VULHUB, id: VHN-90295, date: 2017-08-16T00:00:00
db: BID, id: 92404, date: 2016-08-10T00:00:00
db: JVNDB, id: JVNDB-2016-004429, date: 2016-08-23T00:00:00
db: CNNVD, id: CNNVD-201608-223, date: 2016-08-23T00:00:00
db: NVD, id: CVE-2016-1476, date: 2024-11-21T02:46:30.773

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-06314, date: 2016-08-15T00:00:00
db: VULHUB, id: VHN-90295, date: 2016-08-22T00:00:00
db: BID, id: 92404, date: 2016-08-10T00:00:00
db: JVNDB, id: JVNDB-2016-004429, date: 2016-08-23T00:00:00
db: CNNVD, id: CNNVD-201608-223, date: 2016-08-11T00:00:00
db: NVD, id: CVE-2016-1476, date: 2016-08-22T10:59:02.073