ID

VAR-201610-0276


CVE

CVE-2016-6425


TITLE

Cross-site scripting vulnerability in Cisco Unified Intelligence Center as used in Cisco Unified Contact Center Express

Trust: 0.8

sources: JVNDB: JVNDB-2016-005138

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652. The vendor has published this vulnerability as Bug IDs CSCuy75020 and CSCuy81652. A third party may inject arbitrary web script or HTML through a crafted URL. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug IDs CSCuy75020 and CSCuy81652. Unified CCX is a customer relationship management component in a unified communication solution; CUIC is a web-based reporting platform.

Trust: 1.98

sources: NVD: CVE-2016-6425 // JVNDB: JVNDB-2016-005138 // BID: 93422 // VULHUB: VHN-95245

AFFECTED PRODUCTS

vendor: cisco, model: unified intelligence center, scope: eq, version: 9.0(2)

Trust: 1.6

vendor: cisco, model: unified intelligence center, scope: eq, version: 8.5.4

Trust: 1.6

vendor: cisco, model: unified contact center express, scope: eq, version: 11.0(1)

Trust: 1.6

vendor: cisco, model: unified contact center express, scope: eq, version: 10.0(1)

Trust: 1.6

vendor: cisco, model: unified contact center express, scope: eq, version: 10.6(1)

Trust: 1.6

vendor: cisco, model: unified intelligence center, scope: eq, version: 9.1(1)

Trust: 1.6

vendor: cisco, model: unified contact center express, scope: eq, version: 10.5(1)

Trust: 1.6

vendor: cisco, model: unified contact center express, scope: eq, version: 10.0(1) to 11.0(1)

Trust: 0.8

vendor: cisco, model: unified intelligence center, scope: eq, version: 8.5.4 to 9.1(1)

Trust: 0.8

vendor: cisco, model: unified intelligence center, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: unified contact center express, scope: eq, version: 0

Trust: 0.3

sources: BID: 93422 // JVNDB: JVNDB-2016-005138 // CNNVD: CNNVD-201610-082 // NVD: CVE-2016-6425

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-6425
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-6425
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201610-082
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95245
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-6425
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-95245
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-6425
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95245 // JVNDB: JVNDB-2016-005138 // CNNVD: CNNVD-201610-082 // NVD: CVE-2016-6425

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-95245 // JVNDB: JVNDB-2016-005138 // NVD: CVE-2016-6425

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-082

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201610-082

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005138

PATCH

title: cisco-sa-20161005-ucis1, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis1

Trust: 0.8

title: Cisco Unified Intelligence Center Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64510

Trust: 0.6

sources: JVNDB: JVNDB-2016-005138 // CNNVD: CNNVD-201610-082

EXTERNAL IDS

db: NVD, id: CVE-2016-6425

Trust: 2.8

db: SECTRACK, id: 1036951

Trust: 1.7

db: BID, id: 93422

Trust: 1.4

db: JVNDB, id: JVNDB-2016-005138

Trust: 0.8

db: CNNVD, id: CNNVD-201610-082

Trust: 0.7

db: VULHUB, id: VHN-95245

Trust: 0.1

sources: VULHUB: VHN-95245 // BID: 93422 // JVNDB: JVNDB-2016-005138 // CNNVD: CNNVD-201610-082 // NVD: CVE-2016-6425

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161005-ucis1

Trust: 2.0

url:http://www.securityfocus.com/bid/93422

Trust: 1.1

url:http://www.securitytracker.com/id/1036951

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6425

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6425

Trust: 0.8

url:http://securitytracker.com/id/1036951

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-95245 // BID: 93422 // JVNDB: JVNDB-2016-005138 // CNNVD: CNNVD-201610-082 // NVD: CVE-2016-6425

CREDITS

Cisco

Trust: 0.3

sources: BID: 93422

SOURCES

db: VULHUB, id: VHN-95245
db: BID, id: 93422
db: JVNDB, id: JVNDB-2016-005138
db: CNNVD, id: CNNVD-201610-082
db: NVD, id: CVE-2016-6425

LAST UPDATE DATE

2024-11-23T22:01:23.377000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-95245, date: 2017-07-30T00:00:00
db: BID, id: 93422, date: 2016-10-10T05:02:00
db: JVNDB, id: JVNDB-2016-005138, date: 2016-10-12T00:00:00
db: CNNVD, id: CNNVD-201610-082, date: 2016-10-10T00:00:00
db: NVD, id: CVE-2016-6425, date: 2024-11-21T02:56:06.347

SOURCES RELEASE DATE

db: VULHUB, id: VHN-95245, date: 2016-10-06T00:00:00
db: BID, id: 93422, date: 2016-10-05T00:00:00
db: JVNDB, id: JVNDB-2016-005138, date: 2016-10-12T00:00:00
db: CNNVD, id: CNNVD-201610-082, date: 2016-10-10T00:00:00
db: NVD, id: CVE-2016-6425, date: 2016-10-06T10:59:11.257