Sign-up

ID

VAR-201611-0174


CVE

CVE-2016-6472


TITLE

Cisco Unified Communication Manager of ccmivr Page cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-005915

DESCRIPTION

A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system. More Information: CSCvb37121. Known Affected Releases: 11.5(1.2). Known Fixed Releases: 11.5(1.11950.96) 11.5(1.12900.2) 12.0(0.98000.133) 12.0(0.98000.313) 12.0(0.98000.404). An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvb37121. Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call processing component in a unified communication system of Cisco (Cisco). This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2016-6472 // JVNDB: JVNDB-2016-005915 // BID: 94364 // VULHUB: VHN-95292

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications managerscope:eqversion:11.5\(1.2\)

Trust: 1.6

vendor:ciscomodel:unified communications managerscope:eqversion:11.5(1.2)

Trust: 0.8

vendor:ciscomodel:unified communications managerscope:eqversion: -

Trust: 0.3

sources: BID: 94364 // JVNDB: JVNDB-2016-005915 // CNNVD: CNNVD-201611-442 // NVD: CVE-2016-6472

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6472
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-6472
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201611-442
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95292
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-6472
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-95292
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6472
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95292 // JVNDB: JVNDB-2016-005915 // CNNVD: CNNVD-201611-442 // NVD: CVE-2016-6472

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-95292 // JVNDB: JVNDB-2016-005915 // NVD: CVE-2016-6472

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-442

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201611-442

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-005915

PATCH
title:cisco-sa-20161116-ucmurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-ucm
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2016-005915

EXTERNAL IDS
db:NVDid:CVE-2016-6472
Trust: 2.8
db:BIDid:94364
Trust: 1.4
db:SECTRACKid:1037305
Trust: 1.1
db:JVNDBid:JVNDB-2016-005915
Trust: 0.8
db:CNNVDid:CNNVD-201611-442
Trust: 0.7
db:VULHUBid:VHN-95292
Trust: 0.1
sources:
            
            
            VULHUB: VHN-95292 // 
            
            
            
            BID: 94364 // 
            
            
            
            JVNDB: JVNDB-2016-005915 // 
            
            
            
            CNNVD: CNNVD-201611-442 // 
            
            
            
            NVD: CVE-2016-6472

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161116-ucm
Trust: 2.0
url:http://www.securityfocus.com/bid/94364
Trust: 1.1
url:http://www.securitytracker.com/id/1037305
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6472
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6472
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-95292 // 
            
            
            
            BID: 94364 // 
            
            
            
            JVNDB: JVNDB-2016-005915 // 
            
            
            
            CNNVD: CNNVD-201611-442 // 
            
            
            
            NVD: CVE-2016-6472

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 94364

SOURCES
db:VULHUBid:VHN-95292
db:BIDid:94364
db:JVNDBid:JVNDB-2016-005915
db:CNNVDid:CNNVD-201611-442
db:NVDid:CVE-2016-6472

LAST UPDATE DATE
2024-11-23T21:54:22.189000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-95292date:2017-07-28T00:00:00
db:BIDid:94364date:2016-11-24T01:11:00
db:JVNDBid:JVNDB-2016-005915date:2016-11-24T00:00:00
db:CNNVDid:CNNVD-201611-442date:2016-11-22T00:00:00
db:NVDid:CVE-2016-6472date:2024-11-21T02:56:11.960

SOURCES RELEASE DATE
db:VULHUBid:VHN-95292date:2016-11-19T00:00:00
db:BIDid:94364date:2016-11-16T00:00:00
db:JVNDBid:JVNDB-2016-005915date:2016-11-24T00:00:00
db:CNNVDid:CNNVD-201611-442date:2016-11-22T00:00:00
db:NVDid:CVE-2016-6472date:2016-11-19T03:03:09.180