Sign-up

ID

VAR-202002-0797


CVE

CVE-2015-0749


TITLE

Cisco Unified Communications Manager Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2015-008593

DESCRIPTION

A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. This issue is being tracked by Cisco Bug ID CSCut66725. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 2.07

sources: NVD: CVE-2015-0749 // JVNDB: JVNDB-2015-008593 // BID: 74785 // VULHUB: VHN-78695 // VULMON: CVE-2015-0749

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications managerscope:lteversion:10.5\(2.10000.5\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified communications managerscope:eqversion:10.5(2.10000.5)

Trust: 0.3

sources: BID: 74785 // JVNDB: JVNDB-2015-008593 // NVD: CVE-2015-0749

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0749
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2015-0749
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2015-008593
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201505-492
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78695
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-0749
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0749
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2015-008593
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-78695
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-0749
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2015-0749
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2015-008593
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-78695 // VULMON: CVE-2015-0749 // JVNDB: JVNDB-2015-008593 // CNNVD: CNNVD-201505-492 // NVD: CVE-2015-0749 // NVD: CVE-2015-0749

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-78695 // JVNDB: JVNDB-2015-008593 // NVD: CVE-2015-0749

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-492

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201505-492

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-008593

PATCH
title:Cisco-SA-20150522-CVE-2015-0749url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150522-CVE-2015-0749
Trust: 0.8
title:Cisco Unified Communications Manager Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110062
Trust: 0.6
title:Cisco: Cisco Unified Communications Manager Multiple Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20150522-CVE-2015-0749
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-0749 // 
            
            
            
            JVNDB: JVNDB-2015-008593 // 
            
            
            
            CNNVD: CNNVD-201505-492

EXTERNAL IDS
db:NVDid:CVE-2015-0749
Trust: 2.9
db:JVNDBid:JVNDB-2015-008593
Trust: 0.8
db:CNNVDid:CNNVD-201505-492
Trust: 0.7
db:BIDid:74785
Trust: 0.5
db:VULHUBid:VHN-78695
Trust: 0.1
db:VULMONid:CVE-2015-0749
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78695 // 
            
            
            
            VULMON: CVE-2015-0749 // 
            
            
            
            BID: 74785 // 
            
            
            
            JVNDB: JVNDB-2015-008593 // 
            
            
            
            CNNVD: CNNVD-201505-492 // 
            
            
            
            NVD: CVE-2015-0749

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150522-cve-2015-0749
Trust: 1.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0749
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-0749
Trust: 0.8
url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html
Trust: 0.3
url:http://tools.cisco.com/security/center/viewalert.x?alertid=38964cc
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/79.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.securityfocus.com/bid/74785
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78695 // 
            
            
            
            VULMON: CVE-2015-0749 // 
            
            
            
            BID: 74785 // 
            
            
            
            JVNDB: JVNDB-2015-008593 // 
            
            
            
            CNNVD: CNNVD-201505-492 // 
            
            
            
            NVD: CVE-2015-0749

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 74785 // 
            
            
            
            CNNVD: CNNVD-201505-492

SOURCES
db:VULHUBid:VHN-78695
db:VULMONid:CVE-2015-0749
db:BIDid:74785
db:JVNDBid:JVNDB-2015-008593
db:CNNVDid:CNNVD-201505-492
db:NVDid:CVE-2015-0749

LAST UPDATE DATE
2024-08-14T15:33:39.049000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78695date:2020-02-21T00:00:00
db:VULMONid:CVE-2015-0749date:2020-02-21T00:00:00
db:BIDid:74785date:2015-05-22T00:00:00
db:JVNDBid:JVNDB-2015-008593date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-201505-492date:2020-03-02T00:00:00
db:NVDid:CVE-2015-0749date:2020-02-21T18:47:24.163

SOURCES RELEASE DATE
db:VULHUBid:VHN-78695date:2020-02-19T00:00:00
db:VULMONid:CVE-2015-0749date:2020-02-19T00:00:00
db:BIDid:74785date:2015-05-22T00:00:00
db:JVNDBid:JVNDB-2015-008593date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-201505-492date:2015-05-25T00:00:00
db:NVDid:CVE-2015-0749date:2020-02-19T03:15:10.370