ID

VAR-201612-0368


CVE

CVE-2016-9206


TITLE

Reflected cross-site scripting vulnerability in the ccmadmin page of Cisco Unified Communications Manager

Trust: 0.8

sources: JVNDB: JVNDB-2016-006319

DESCRIPTION

A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvb64641. Known Affected Releases: 11.5(1.10000.6), 11.5(1.11007.2). Known Fixed Releases: 11.5(1.12900.7), 11.5(1.12900.8), 12.0(0.98000.155), 12.0(0.98000.178), 12.0(0.98000.366), 12.0(0.98000.468), 12.0(0.98000.536), 12.0(0.98500.6). An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvb64641. CUCM provides a scalable, distributed and highly available enterprise IP telephony call processing solution. Attackers can exploit this vulnerability to inject arbitrary web scripts or HTML.

Trust: 1.98

sources: NVD: CVE-2016-9206 // JVNDB: JVNDB-2016-006319 // BID: 94793 // VULHUB: VHN-98026

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5(1.10000.6)

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: eq, version: 0

Trust: 0.3

sources: BID: 94793 // JVNDB: JVNDB-2016-006319 // CNNVD: CNNVD-201612-277 // NVD: CVE-2016-9206

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-9206
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-9206
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201612-277
value: MEDIUM

Trust: 0.6

VULHUB: VHN-98026
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-9206
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-98026
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-9206
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-98026 // JVNDB: JVNDB-2016-006319 // CNNVD: CNNVD-201612-277 // NVD: CVE-2016-9206

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-98026 // JVNDB: JVNDB-2016-006319 // NVD: CVE-2016-9206

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-277

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201612-277

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-006319

PATCH

title: cisco-sa-20161207-cucm, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm

Trust: 0.8

title: Cisco Unified Communications Manager Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66316

Trust: 0.6

sources: JVNDB: JVNDB-2016-006319 // CNNVD: CNNVD-201612-277

EXTERNAL IDS

db: NVD, id: CVE-2016-9206

Trust: 2.8

db: BID, id: 94793

Trust: 2.0

db: SECTRACK, id: 1037424

Trust: 1.1

db: JVNDB, id: JVNDB-2016-006319

Trust: 0.8

db: CNNVD, id: CNNVD-201612-277

Trust: 0.7

db: VULHUB, id: VHN-98026

Trust: 0.1

sources: VULHUB: VHN-98026 // BID: 94793 // JVNDB: JVNDB-2016-006319 // CNNVD: CNNVD-201612-277 // NVD: CVE-2016-9206

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161207-cucm

Trust: 2.0

url: http://www.securityfocus.com/bid/94793

Trust: 1.7

url: http://www.securitytracker.com/id/1037424

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9206

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9206

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-98026 // BID: 94793 // JVNDB: JVNDB-2016-006319 // CNNVD: CNNVD-201612-277 // NVD: CVE-2016-9206

CREDITS

Cisco

Trust: 0.9

sources: BID: 94793 // CNNVD: CNNVD-201612-277

SOURCES

db: VULHUB, id: VHN-98026
db: BID, id: 94793
db: JVNDB, id: JVNDB-2016-006319
db: CNNVD, id: CNNVD-201612-277
db: NVD, id: CVE-2016-9206

LAST UPDATE DATE

2024-11-23T22:34:46.853000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-98026, date: 2016-12-22T00:00:00
db: BID, id: 94793, date: 2016-12-20T01:08:00
db: JVNDB, id: JVNDB-2016-006319, date: 2016-12-21T00:00:00
db: CNNVD, id: CNNVD-201612-277, date: 2016-12-13T00:00:00
db: NVD, id: CVE-2016-9206, date: 2024-11-21T03:00:47.953

SOURCES RELEASE DATE

db: VULHUB, id: VHN-98026, date: 2016-12-14T00:00:00
db: BID, id: 94793, date: 2016-12-07T00:00:00
db: JVNDB, id: JVNDB-2016-006319, date: 2016-12-21T00:00:00
db: CNNVD, id: CNNVD-201612-277, date: 2016-12-12T00:00:00
db: NVD, id: CVE-2016-9206, date: 2016-12-14T00:59:27.490