ID

VAR-201612-0362


CVE

CVE-2016-9200


TITLE

Cross-site scripting vulnerability in the web framework code of Cisco Prime Collaboration Assurance

Trust: 0.8

sources: JVNDB: JVNDB-2016-006282

DESCRIPTION

A vulnerability in the web framework code of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface. More Information: CSCut43268. Known Affected Releases: 10.5(1), 10.6. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCut43268. Cisco Prime Collaboration Assurance supports simplified unified communication and video collaboration network management through a unified management console, and rapid deployment of communication sites. The vulnerability stems from the fact that the program does not fully check the parameters entered by the web server.

Trust: 1.98

sources: NVD: CVE-2016-9200 // JVNDB: JVNDB-2016-006282 // BID: 94806 // VULHUB: VHN-98020

AFFECTED PRODUCTS

vendor: cisco, model: prime collaboration assurance, scope: eq, version: 10.5.1

Trust: 1.6

vendor: cisco, model: prime collaboration assurance, scope: eq, version: 10.6.0

Trust: 1.6

vendor: cisco, model: prime collaboration assurance, scope: eq, version: 10.5(1)

Trust: 0.8

vendor: cisco, model: prime collaboration assurance, scope: eq, version: 10.6

Trust: 0.8

vendor: cisco, model: prime collaboration assurance, scope: eq, version: 0

Trust: 0.3

sources: BID: 94806 // JVNDB: JVNDB-2016-006282 // CNNVD: CNNVD-201612-228 // NVD: CVE-2016-9200

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-9200
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-9200
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201612-228
value: MEDIUM

Trust: 0.6

VULHUB: VHN-98020
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-9200
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-98020
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-9200
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-98020 // JVNDB: JVNDB-2016-006282 // CNNVD: CNNVD-201612-228 // NVD: CVE-2016-9200

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-98020 // JVNDB: JVNDB-2016-006282 // NVD: CVE-2016-9200

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-228

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201612-228

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-006282

PATCH

title: cisco-sa-20161207-pca, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-pca

Trust: 0.8

title: Cisco Prime Collaboration Assurance Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66265

Trust: 0.6

sources: JVNDB: JVNDB-2016-006282 // CNNVD: CNNVD-201612-228

EXTERNAL IDS

db: NVD, id: CVE-2016-9200

Trust: 2.8

db: BID, id: 94806

Trust: 1.4

db: SECTRACK, id: 1037414

Trust: 1.1

db: JVNDB, id: JVNDB-2016-006282

Trust: 0.8

db: CNNVD, id: CNNVD-201612-228

Trust: 0.7

db: VULHUB, id: VHN-98020

Trust: 0.1

sources: VULHUB: VHN-98020 // BID: 94806 // JVNDB: JVNDB-2016-006282 // CNNVD: CNNVD-201612-228 // NVD: CVE-2016-9200

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161207-pca

Trust: 2.0

url:http://www.securityfocus.com/bid/94806

Trust: 1.1

url:http://www.securitytracker.com/id/1037414

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9200

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9200

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-98020 // BID: 94806 // JVNDB: JVNDB-2016-006282 // CNNVD: CNNVD-201612-228 // NVD: CVE-2016-9200

CREDITS

Cisco

Trust: 0.3

sources: BID: 94806

SOURCES

db: VULHUB, id: VHN-98020
db: BID, id: 94806
db: JVNDB, id: JVNDB-2016-006282
db: CNNVD, id: CNNVD-201612-228
db: NVD, id: CVE-2016-9200

LAST UPDATE DATE

2024-11-23T22:22:41.827000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-98020, date: 2016-12-22T00:00:00
db: BID, id: 94806, date: 2016-12-20T01:08:00
db: JVNDB, id: JVNDB-2016-006282, date: 2016-12-19T00:00:00
db: CNNVD, id: CNNVD-201612-228, date: 2016-12-12T00:00:00
db: NVD, id: CVE-2016-9200, date: 2024-11-21T03:00:47.337

SOURCES RELEASE DATE

db: VULHUB, id: VHN-98020, date: 2016-12-14T00:00:00
db: BID, id: 94806, date: 2016-12-07T00:00:00
db: JVNDB, id: JVNDB-2016-006282, date: 2016-12-19T00:00:00
db: CNNVD, id: CNNVD-201612-228, date: 2016-12-09T00:00:00
db: NVD, id: CVE-2016-9200, date: 2016-12-14T00:59:20.520