ID

VAR-201609-0307


CVE

CVE-2016-6395


TITLE

Cisco Firepower Management Center and FireSIGHT System Software Web-Based scripting interface cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-004636

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The following versions are affected: Cisco Firepower Management Center versions prior to 6.1; Cisco FireSIGHT System Software versions prior to 6.1. This issue is tracked by Cisco Bug ID CSCuz58658.

Trust: 1.98

sources: NVD: CVE-2016-6395 // JVNDB: JVNDB-2016-004636 // BID: 92824 // VULHUB: VHN-95215

AFFECTED PRODUCTS

vendor: cisco, model: firesight system software, scope: eq, version: 5.1.1.1

Trust: 1.6

vendor: cisco, model: firesight system software, scope: eq, version: 5.2.0.6

Trust: 1.6

vendor: cisco, model: firesight system software, scope: eq, version: 5.2.0.1

Trust: 1.6

vendor: cisco, model: firesight system software, scope: eq, version: 5.1.1.11

Trust: 1.6

vendor: cisco, model: firesight system software, scope: eq, version: 5.2.0.2

Trust: 1.6

vendor: cisco, model: firesight system software, scope: eq, version: 6.0.0.1

Trust: 1.6

vendor: cisco, model: firesight system software, scope: eq, version: 5.2.0.3

Trust: 1.6

vendor: cisco, model: firesight system software, scope: eq, version: 5.1.1.2

Trust: 1.6

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.0.5

Trust: 1.6

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.0.3

Trust: 1.6

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.1

Trust: 1.3

vendor: cisco, model: firesight system software, scope: eq, version: 6.0.1

Trust: 1.3

vendor: cisco, model: firesight system software, scope: eq, version: 6.0.0

Trust: 1.3

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.1.2

Trust: 1.3

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.0.2

Trust: 1.3

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.0.1

Trust: 1.3

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.1.4

Trust: 1.3

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.1.3

Trust: 1.3

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.1.2

Trust: 1.3

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.1.1

Trust: 1.3

vendor: cisco, model: firesight system software, scope: eq, version: 5.1.1.8

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.1.4

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.0.3

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.0.1

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.0.2

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.2.0.4

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.2.0.8

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.2.0.5

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.0

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.1.1.9

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.1.7

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.0.4

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.1.0

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.1.1.3

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.0.6

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.0.5

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.0.4

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.1.3

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.1.5

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.2.0

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.0.7

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.1.0.2

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.1.1

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.1.0.1

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.4.1

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.0

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.1.1.6

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.1.1.5

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.1.1.4

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.3.0.6

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.1.1.10

Trust: 1.0

vendor: cisco, model: firesight system software, scope: eq, version: 5.1.0.3

Trust: 1.0

vendor: cisco, model: firepower management center, scope: lt, version: 6.1

Trust: 0.8

vendor: cisco, model: firesight system software, scope: lt, version: 6.1

Trust: 0.8

vendor: cisco, model: firesight system software, scope: eq, version: 5.4

Trust: 0.3

vendor: cisco, model: firesight system software, scope: eq, version: 5.3

Trust: 0.3

vendor: cisco, model: firesight system software, scope: eq, version: 6.0

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 6.0.1

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 6.0

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.4.1

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.4

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.3.1

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.3

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.2

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 4.10.3

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.4.1.3

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.4.0.1

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.3.1.2

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.3.0.4

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.3.0.3

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.3.0.2

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 5.0

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 4.10.3.9

Trust: 0.3

vendor: cisco, model: firesight system software, scope: ne, version: 6.1.0

Trust: 0.3

vendor: cisco, model: firepower management center, scope: ne, version: 6.1

Trust: 0.3

sources: BID: 92824 // JVNDB: JVNDB-2016-004636 // CNNVD: CNNVD-201609-109 // NVD: CVE-2016-6395

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6395
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-6395
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201609-109
value: LOW

Trust: 0.6

VULHUB: VHN-95215
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2016-6395
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-95215
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6395
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95215 // JVNDB: JVNDB-2016-004636 // CNNVD: CNNVD-201609-109 // NVD: CVE-2016-6395

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-95215 // JVNDB: JVNDB-2016-004636 // NVD: CVE-2016-6395

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-109

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201609-109

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004636

PATCH

title: cisco-sa-20160907-fsss
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss

Trust: 0.8

title: Cisco Firepower Management Center and FireSIGHT System Software Cross-site scripting vulnerability Repair measures
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63931

Trust: 0.6

sources: JVNDB: JVNDB-2016-004636 // CNNVD: CNNVD-201609-109

EXTERNAL IDS

db: NVD, id: CVE-2016-6395

Trust: 2.8

db: BID, id: 92824

Trust: 2.0

db: SECTRACK, id: 1036755

Trust: 1.1

db: JVNDB, id: JVNDB-2016-004636

Trust: 0.8

db: CNNVD, id: CNNVD-201609-109

Trust: 0.7

db: NSFOCUS, id: 34780

Trust: 0.6

db: VULHUB, id: VHN-95215

Trust: 0.1

sources: VULHUB: VHN-95215 // BID: 92824 // JVNDB: JVNDB-2016-004636 // CNNVD: CNNVD-201609-109 // NVD: CVE-2016-6395

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160907-fsss

Trust: 2.0

url:http://www.securityfocus.com/bid/92824

Trust: 1.7

url:http://www.securitytracker.com/id/1036755

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6395

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6395

Trust: 0.8

url:http://www.nsfocus.net/vulndb/34780

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-95215 // BID: 92824 // JVNDB: JVNDB-2016-004636 // CNNVD: CNNVD-201609-109 // NVD: CVE-2016-6395

CREDITS

Cisco

Trust: 0.9

sources: BID: 92824 // CNNVD: CNNVD-201609-109

SOURCES

db: VULHUB, id: VHN-95215
db: BID, id: 92824
db: JVNDB, id: JVNDB-2016-004636
db: CNNVD, id: CNNVD-201609-109
db: NVD, id: CVE-2016-6395

LAST UPDATE DATE

2024-11-23T22:56:21.389000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-95215, date: 2016-11-28T00:00:00
db: BID, id: 92824, date: 2016-09-07T00:00:00
db: JVNDB, id: JVNDB-2016-004636, date: 2016-09-14T00:00:00
db: CNNVD, id: CNNVD-201609-109, date: 2016-09-13T00:00:00
db: NVD, id: CVE-2016-6395, date: 2024-11-21T02:56:02.890

SOURCES RELEASE DATE

db: VULHUB, id: VHN-95215, date: 2016-09-12T00:00:00
db: BID, id: 92824, date: 2016-09-07T00:00:00
db: JVNDB, id: JVNDB-2016-004636, date: 2016-09-14T00:00:00
db: CNNVD, id: CNNVD-201609-109, date: 2016-09-08T00:00:00
db: NVD, id: CVE-2016-6395, date: 2016-09-12T10:59:08.227