Details of VAR-201608-0247

ID

VAR-201608-0247

CVE

CVE-2016-1485

TITLE

Cisco Identity Services Engine Software cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-004431

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCva46497. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

Trust: 1.98

sources: NVD: CVE-2016-1485 // JVNDB: JVNDB-2016-004431 // BID: 92518 // VULHUB: VHN-90304

AFFECTED PRODUCTS

vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.3\(0.876\)	Trust: 1.6
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.3(0.876)	Trust: 0.8
vendor:	cisco	model:	identity services engine	scope:	eq	version:	1.3(0.876)	Trust: 0.3

sources: BID: 92518 // JVNDB: JVNDB-2016-004431 // CNNVD: CNNVD-201608-017 // NVD: CVE-2016-1485

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1485
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-1485
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201608-017
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-90304
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1485
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90304
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1485
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-90304 // JVNDB: JVNDB-2016-004431 // CNNVD: CNNVD-201608-017 // NVD: CVE-2016-1485

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-90304 // JVNDB: JVNDB-2016-004431 // NVD: CVE-2016-1485

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-017

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201608-017

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004431

PATCH

title:	cisco-sa-20160817-ise	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ise	Trust: 0.8
title:	Cisco Identity Services Engine Admin Dashboard Page Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63645	Trust: 0.6

sources: JVNDB: JVNDB-2016-004431 // CNNVD: CNNVD-201608-017

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1485	Trust: 2.8
db:	BID	id:	92518	Trust: 1.4
db:	SECTRACK	id:	1036647	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-004431	Trust: 0.8
db:	CNNVD	id:	CNNVD-201608-017	Trust: 0.7
db:	NSFOCUS	id:	34598	Trust: 0.6
db:	VULHUB	id:	VHN-90304	Trust: 0.1

sources: VULHUB: VHN-90304 // BID: 92518 // JVNDB: JVNDB-2016-004431 // CNNVD: CNNVD-201608-017 // NVD: CVE-2016-1485

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160817-ise	Trust: 2.0
url:	http://www.securityfocus.com/bid/92518	Trust: 1.1
url:	http://www.securitytracker.com/id/1036647	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1485	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1485	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/34598	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-90304 // BID: 92518 // JVNDB: JVNDB-2016-004431 // CNNVD: CNNVD-201608-017 // NVD: CVE-2016-1485

CREDITS

Cisco

Trust: 0.3

sources: BID: 92518

SOURCES

db:	VULHUB	id:	VHN-90304
db:	BID	id:	92518
db:	JVNDB	id:	JVNDB-2016-004431
db:	CNNVD	id:	CNNVD-201608-017
db:	NVD	id:	CVE-2016-1485

LAST UPDATE DATE

2024-11-23T23:09:11.709000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90304	date:	2017-08-16T00:00:00
db:	BID	id:	92518	date:	2016-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2016-004431	date:	2016-08-23T00:00:00
db:	CNNVD	id:	CNNVD-201608-017	date:	2016-08-23T00:00:00
db:	NVD	id:	CVE-2016-1485	date:	2024-11-21T02:46:31.813

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90304	date:	2016-08-22T00:00:00
db:	BID	id:	92518	date:	2016-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2016-004431	date:	2016-08-23T00:00:00
db:	CNNVD	id:	CNNVD-201608-017	date:	2016-08-18T00:00:00
db:	NVD	id:	CVE-2016-1485	date:	2016-08-22T10:59:04.480