ID

VAR-202001-1192


CVE

CVE-2020-3129


TITLE

Cisco Unity Connection Cross-site scripting vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-001456

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing crafted data to a specific field within the interface. A successful exploit could allow the attacker to store an XSS attack within the interface. This stored XSS attack would then be executed on the system of any user viewing the attacker-supplied data element. Cisco Unity Connection (UC) is a voice messaging platform from Cisco. The platform lets users place calls or listen to messages hands-free using voice commands.

Trust: 1.71

sources: NVD: CVE-2020-3129 // JVNDB: JVNDB-2020-001456 // VULHUB: VHN-181254

AFFECTED PRODUCTS

vendor: cisco, model: unity connection, scope: lt, version: 12.5su2

Trust: 1.0

vendor: Cisco Systems, model: cisco unity connection, scope: eq, version: -

Trust: 0.8

vendor: cisco, model: unity connection, scope: eq, version: 1.21sr2

Trust: 0.6

vendor: cisco, model: unity connection, scope: eq, version: 1.1

Trust: 0.6

vendor: cisco, model: unity connection, scope: eq, version: 1.2

Trust: 0.6

vendor: cisco, model: unity connection, scope: eq, version: 1.21_es65

Trust: 0.6

vendor: cisco, model: unity connection, scope: eq, version: 1.11_sr1

Trust: 0.6

vendor: cisco, model: unity connection, scope: eq, version: 1.11_es12

Trust: 0.6

vendor: cisco, model: unity connection, scope: eq, version: 1.21

Trust: 0.6

vendor: cisco, model: unity connection, scope: eq, version: -

Trust: 0.6

vendor: cisco, model: unity connection, scope: eq, version: 1.11

Trust: 0.6

vendor: cisco, model: unity connection, scope: eq, version: 1.11_es1

Trust: 0.6

sources: JVNDB: JVNDB-2020-001456 // CNNVD: CNNVD-202001-1125 // NVD: CVE-2020-3129

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3129
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3129
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-3129
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202001-1125
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181254
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-3129
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-181254
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2020-3129
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2020-3129
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-181254 // JVNDB: JVNDB-2020-001456 // CNNVD: CNNVD-202001-1125 // NVD: CVE-2020-3129 // NVD: CVE-2020-3129

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.1

problemtype: Cross-site scripting (CWE-79) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-181254 // JVNDB: JVNDB-2020-001456 // NVD: CVE-2020-3129

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-1125

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202001-1125

PATCH

title: cisco-sa-20200122-uc-xss, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-uc-xss

Trust: 0.8

title: Cisco Unity Connection Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107551

Trust: 0.6

sources: JVNDB: JVNDB-2020-001456 // CNNVD: CNNVD-202001-1125

EXTERNAL IDS

db: NVD, id: CVE-2020-3129

Trust: 2.5

db: JVNDB, id: JVNDB-2020-001456

Trust: 0.8

db: CNNVD, id: CNNVD-202001-1125

Trust: 0.7

db: AUSCERT, id: ESB-2020.0278

Trust: 0.6

db: VULHUB, id: VHN-181254

Trust: 0.1

sources: VULHUB: VHN-181254 // JVNDB: JVNDB-2020-001456 // CNNVD: CNNVD-202001-1125 // NVD: CVE-2020-3129

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200122-uc-xss

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2020-3129

Trust: 1.4

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cuc-dirtrv-m9hpnme4

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2020.0278/

Trust: 0.6

sources: VULHUB: VHN-181254 // JVNDB: JVNDB-2020-001456 // CNNVD: CNNVD-202001-1125 // NVD: CVE-2020-3129

SOURCES

db: VULHUB, id: VHN-181254
db: JVNDB, id: JVNDB-2020-001456
db: CNNVD, id: CNNVD-202001-1125
db: NVD, id: CVE-2020-3129

LAST UPDATE DATE

2024-08-14T14:25:38.793000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181254, date: 2020-01-28T00:00:00
db: JVNDB, id: JVNDB-2020-001456, date: 2020-02-10T00:00:00
db: CNNVD, id: CNNVD-202001-1125, date: 2020-02-26T00:00:00
db: NVD, id: CVE-2020-3129, date: 2020-01-28T15:54:33.727

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181254, date: 2020-01-26T00:00:00
db: JVNDB, id: JVNDB-2020-001456, date: 2020-02-10T00:00:00
db: CNNVD, id: CNNVD-202001-1125, date: 2020-01-26T00:00:00
db: NVD, id: CVE-2020-3129, date: 2020-01-26T05:15:17.477