Details of VAR-202001-0694

ID

VAR-202001-0694

CVE

CVE-2019-15278

TITLE

Cisco Finesse Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-014239

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information. Cisco Finesse Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. Cisco Finesse is a set of call center management software developed by Cisco

Trust: 1.71

sources: NVD: CVE-2019-15278 // JVNDB: JVNDB-2019-014239 // VULHUB: VHN-147308

AFFECTED PRODUCTS

vendor:	cisco	model:	finesse	scope:	eq	version:	12.5\(1\)	Trust: 1.0
vendor:	cisco	model:	finesse	scope:	eq	version:	11.6\(1\)	Trust: 1.0
vendor:	cisco	model:	finesse	scope:	eq	version:	12.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified contact center express	scope:	eq	version:	12.0\(1\)	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco finesse	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco unified contact center express	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-014239 // NVD: CVE-2019-15278

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-15278
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-15278
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-15278
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202001-231
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-147308
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-15278
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-147308
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-15278
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-15278
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-147308 // JVNDB: JVNDB-2019-014239 // CNNVD: CNNVD-202001-231 // NVD: CVE-2019-15278 // NVD: CVE-2019-15278

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.1
problemtype:	Cross-site scripting (CWE-79) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-147308 // JVNDB: JVNDB-2019-014239 // NVD: CVE-2019-15278

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-231

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202001-231

PATCH

title:	cisco-sa-20200108-finesse-xss	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-finesse-xss	Trust: 0.8
title:	Cisco Finesse Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=109194	Trust: 0.6

sources: JVNDB: JVNDB-2019-014239 // CNNVD: CNNVD-202001-231

EXTERNAL IDS

db:	NVD	id:	CVE-2019-15278	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-014239	Trust: 0.8
db:	CNNVD	id:	CNNVD-202001-231	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.0080	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0080.2	Trust: 0.6
db:	CNVD	id:	CNVD-2020-03722	Trust: 0.1
db:	VULHUB	id:	VHN-147308	Trust: 0.1

sources: VULHUB: VHN-147308 // JVNDB: JVNDB-2019-014239 // CNNVD: CNNVD-202001-231 // NVD: CVE-2019-15278

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200108-finesse-xss	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15278	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.0080.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0080/	Trust: 0.6

sources: VULHUB: VHN-147308 // JVNDB: JVNDB-2019-014239 // CNNVD: CNNVD-202001-231 // NVD: CVE-2019-15278

SOURCES

db:	VULHUB	id:	VHN-147308
db:	JVNDB	id:	JVNDB-2019-014239
db:	CNNVD	id:	CNNVD-202001-231
db:	NVD	id:	CVE-2019-15278

LAST UPDATE DATE

2024-08-14T14:45:05.140000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-147308	date:	2020-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-014239	date:	2020-02-07T00:00:00
db:	CNNVD	id:	CNNVD-202001-231	date:	2020-04-01T00:00:00
db:	NVD	id:	CVE-2019-15278	date:	2020-01-27T18:34:07.797

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-147308	date:	2020-01-26T00:00:00
db:	JVNDB	id:	JVNDB-2019-014239	date:	2020-02-07T00:00:00
db:	CNNVD	id:	CNNVD-202001-231	date:	2020-01-08T00:00:00
db:	NVD	id:	CVE-2019-15278	date:	2020-01-26T05:15:11.647