ID

VAR-202002-0459


CVE

CVE-2019-15253


TITLE

Cisco Digital Network Architecture Center Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-014489

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker needs administrator credentials. This vulnerability affects Cisco DNA Center Software releases earlier than 1.3.0.6 and 1.3.1.4. The solution scales and protects devices, applications, and more within the network.

Trust: 1.8

sources: NVD: CVE-2019-15253 // JVNDB: JVNDB-2019-014489 // VULHUB: VHN-147281 // VULMON: CVE-2019-15253

AFFECTED PRODUCTS

vendor: cisco, model: dna center, scope: gte, version: 1.3.1.0

Trust: 1.0

vendor: cisco, model: dna center, scope: lt, version: 1.3.1.4

Trust: 1.0

vendor: cisco, model: dna center, scope: lt, version: 1.3.0.6

Trust: 1.0

vendor: cisco, model: dna center, scope: eq, version: 1.3.0.6

Trust: 0.8

vendor: cisco, model: dna center, scope: eq, version: 1.3.1.4

Trust: 0.8

sources: JVNDB: JVNDB-2019-014489 // NVD: CVE-2019-15253

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15253
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15253
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-014489
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202002-126
value: MEDIUM

Trust: 0.6

VULHUB: VHN-147281
value: LOW

Trust: 0.1

VULMON: CVE-2019-15253
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-15253
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-014489
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-147281
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-15253
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15253
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-014489
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-147281 // VULMON: CVE-2019-15253 // JVNDB: JVNDB-2019-014489 // CNNVD: CNNVD-202002-126 // NVD: CVE-2019-15253 // NVD: CVE-2019-15253

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-147281 // JVNDB: JVNDB-2019-014489 // NVD: CVE-2019-15253

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-126

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202002-126

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014489

PATCH

title: cisco-sa-20190205-dnac-xss, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190205-dnac-xss

Trust: 0.8

title: Cisco Digital Network Architecture Center Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=109343

Trust: 0.6

title: Cisco: Cisco Digital Network Architecture Center Stored Cross-Site Scripting Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190205-dnac-xss

Trust: 0.1

title: CVE-repository, url: https://github.com/Orange-Cyberdefense/CVE-repository

Trust: 0.1

title: -, url: https://github.com/Transmetal/CVE-repository-master

Trust: 0.1

sources: VULMON: CVE-2019-15253 // JVNDB: JVNDB-2019-014489 // CNNVD: CNNVD-202002-126

EXTERNAL IDS

db: NVD, id: CVE-2019-15253

Trust: 2.6

db: PACKETSTORM, id: 157668

Trust: 1.8

db: JVNDB, id: JVNDB-2019-014489

Trust: 0.8

db: CNNVD, id: CNNVD-202002-126

Trust: 0.7

db: EXPLOIT-DB, id: 48459

Trust: 0.6

db: AUSCERT, id: ESB-2020.0452

Trust: 0.6

db: CNVD, id: CNVD-2020-04518

Trust: 0.1

db: VULHUB, id: VHN-147281

Trust: 0.1

db: VULMON, id: CVE-2019-15253

Trust: 0.1

sources: VULHUB: VHN-147281 // VULMON: CVE-2019-15253 // JVNDB: JVNDB-2019-014489 // CNNVD: CNNVD-202002-126 // NVD: CVE-2019-15253

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190205-dnac-xss

Trust: 1.9

url:http://packetstormsecurity.com/files/157668/cisco-digital-network-architecture-center-1.3.1.4-cross-site-scripting.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-15253

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15253

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0452/

Trust: 0.6

url:https://www.exploit-db.com/exploits/48459

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/orange-cyberdefense/cve-repository

Trust: 0.1

sources: VULHUB: VHN-147281 // VULMON: CVE-2019-15253 // JVNDB: JVNDB-2019-014489 // CNNVD: CNNVD-202002-126 // NVD: CVE-2019-15253

CREDITS

Dylan Garnaud, Benoit Malaboeuf

Trust: 0.6

sources: CNNVD: CNNVD-202002-126

SOURCES

db: VULHUB, id: VHN-147281
db: VULMON, id: CVE-2019-15253
db: JVNDB, id: JVNDB-2019-014489
db: CNNVD, id: CNNVD-202002-126
db: NVD, id: CVE-2019-15253

LAST UPDATE DATE

2024-08-14T14:31:31.867000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-147281, date: 2021-12-21T00:00:00
db: VULMON, id: CVE-2019-15253, date: 2021-12-21T00:00:00
db: JVNDB, id: JVNDB-2019-014489, date: 2020-02-21T00:00:00
db: CNNVD, id: CNNVD-202002-126, date: 2020-05-13T00:00:00
db: NVD, id: CVE-2019-15253, date: 2021-12-21T12:53:58.333

SOURCES RELEASE DATE

db: VULHUB, id: VHN-147281, date: 2020-02-05T00:00:00
db: VULMON, id: CVE-2019-15253, date: 2020-02-05T00:00:00
db: JVNDB, id: JVNDB-2019-014489, date: 2020-02-21T00:00:00
db: CNNVD, id: CNNVD-202002-126, date: 2020-02-05T00:00:00
db: NVD, id: CVE-2019-15253, date: 2020-02-05T18:15:10.533