ID

VAR-201611-0162


CVE

CVE-2016-6451


TITLE

Cross-site scripting vulnerability in the web framework code of Cisco Prime Collaboration Provisioning

Trust: 0.8

sources: JVNDB: JVNDB-2016-005733

DESCRIPTION

Multiple vulnerabilities in the web framework code of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCut43061 CSCut43066 CSCut43736 CSCut43738 CSCut43741 CSCut43745 CSCut43748 CSCut43751 CSCut43756 CSCut43759 CSCut43764 CSCut43766. Known Affected Releases: 10.6. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug IDs CSCut43061, CSCut43066, CSCut43736, CSCut43738, CSCut43741, CSCut43745, CSCut43748, CSCut43751, CSCut43756, CSCut43759, CSCut43764 and CSCut43766. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments.

Trust: 2.07

sources: NVD: CVE-2016-6451 // JVNDB: JVNDB-2016-005733 // BID: 93917 // VULHUB: VHN-95271 // VULMON: CVE-2016-6451

AFFECTED PRODUCTS

vendor: cisco, model: prime collaboration provisioning, scope: eq, version: 10.6.0

Trust: 1.6

vendor: cisco, model: prime collaboration provisioning, scope: eq, version: 10.6

Trust: 0.8

vendor: cisco, model: prime collaboration provisioning, scope: eq, version: 0

Trust: 0.3

sources: BID: 93917 // JVNDB: JVNDB-2016-005733 // CNNVD: CNNVD-201611-004 // NVD: CVE-2016-6451

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6451
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-6451
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201611-004
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95271
value: MEDIUM

Trust: 0.1

VULMON: CVE-2016-6451
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-6451
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-95271
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6451
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95271 // VULMON: CVE-2016-6451 // JVNDB: JVNDB-2016-005733 // CNNVD: CNNVD-201611-004 // NVD: CVE-2016-6451

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-95271 // JVNDB: JVNDB-2016-005733 // NVD: CVE-2016-6451

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-004

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201611-004

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005733

PATCH

title: cisco-sa-20161026-pcp, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-pcp

Trust: 0.8

title: Cisco Prime Collaboration Provisioning Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65234

Trust: 0.6

title: Threatpost, url: https://threatpost.com/cisco-patches-critical-vulnerability-in-facility-events-response-system/121626/

Trust: 0.1

sources: VULMON: CVE-2016-6451 // JVNDB: JVNDB-2016-005733 // CNNVD: CNNVD-201611-004

EXTERNAL IDS

db: NVD, id: CVE-2016-6451

Trust: 2.9

db: BID, id: 93917

Trust: 1.5

db: SECTRACK, id: 1037112

Trust: 1.2

db: JVNDB, id: JVNDB-2016-005733

Trust: 0.8

db: CNNVD, id: CNNVD-201611-004

Trust: 0.7

db: VULHUB, id: VHN-95271

Trust: 0.1

db: VULMON, id: CVE-2016-6451

Trust: 0.1

sources: VULHUB: VHN-95271 // VULMON: CVE-2016-6451 // BID: 93917 // JVNDB: JVNDB-2016-005733 // CNNVD: CNNVD-201611-004 // NVD: CVE-2016-6451

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161026-pcp

Trust: 2.1

url: http://www.securityfocus.com/bid/93917

Trust: 1.3

url: http://www.securitytracker.com/id/1037112

Trust: 1.2

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6451

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6451

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

url: https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://threatpost.com/cisco-patches-critical-vulnerability-in-facility-events-response-system/121626/

Trust: 0.1

sources: VULHUB: VHN-95271 // VULMON: CVE-2016-6451 // BID: 93917 // JVNDB: JVNDB-2016-005733 // CNNVD: CNNVD-201611-004 // NVD: CVE-2016-6451

CREDITS

Cisco

Trust: 0.3

sources: BID: 93917

SOURCES

db: VULHUB, id: VHN-95271
db: VULMON, id: CVE-2016-6451
db: BID, id: 93917
db: JVNDB, id: JVNDB-2016-005733
db: CNNVD, id: CNNVD-201611-004
db: NVD, id: CVE-2016-6451

LAST UPDATE DATE

2024-11-23T22:59:26.933000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-95271, date: 2017-07-29T00:00:00
db: VULMON, id: CVE-2016-6451, date: 2017-07-29T00:00:00
db: BID, id: 93917, date: 2016-11-24T01:08:00
db: JVNDB, id: JVNDB-2016-005733, date: 2016-11-08T00:00:00
db: CNNVD, id: CNNVD-201611-004, date: 2016-11-04T00:00:00
db: NVD, id: CVE-2016-6451, date: 2024-11-21T02:56:09.580

SOURCES RELEASE DATE

db: VULHUB, id: VHN-95271, date: 2016-11-03T00:00:00
db: VULMON, id: CVE-2016-6451, date: 2016-11-03T00:00:00
db: BID, id: 93917, date: 2016-10-26T00:00:00
db: JVNDB, id: JVNDB-2016-005733, date: 2016-11-08T00:00:00
db: CNNVD, id: CNNVD-201611-004, date: 2016-11-04T00:00:00
db: NVD, id: CVE-2016-6451, date: 2016-11-03T21:59:06.793