ID

VAR-202002-0797


CVE

CVE-2015-0749


TITLE

Cisco Unified Communications Manager Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2015-008593

DESCRIPTION

A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerability is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. This issue is being tracked by Cisco Bug ID CSCut66725. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.

Trust: 2.07

sources: NVD: CVE-2015-0749 // JVNDB: JVNDB-2015-008593 // BID: 74785 // VULHUB: VHN-78695 // VULMON: CVE-2015-0749

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: lte, version: 10.5(2.10000.5)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2.10000.5)

Trust: 0.3

sources: BID: 74785 // JVNDB: JVNDB-2015-008593 // NVD: CVE-2015-0749

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0749
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2015-0749
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2015-008593
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201505-492
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78695
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-0749
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0749
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2015-008593
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-78695
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-0749
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2015-0749
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2015-008593
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-78695 // VULMON: CVE-2015-0749 // JVNDB: JVNDB-2015-008593 // CNNVD: CNNVD-201505-492 // NVD: CVE-2015-0749 // NVD: CVE-2015-0749

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-78695 // JVNDB: JVNDB-2015-008593 // NVD: CVE-2015-0749

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-492

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201505-492

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-008593

PATCH

title: Cisco-SA-20150522-CVE-2015-0749
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150522-CVE-2015-0749

Trust: 0.8

title: Cisco Unified Communications Manager Enter the fix for the verification error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110062

Trust: 0.6

title: Cisco: Cisco Unified Communications Manager Multiple Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20150522-CVE-2015-0749

Trust: 0.1

sources: VULMON: CVE-2015-0749 // JVNDB: JVNDB-2015-008593 // CNNVD: CNNVD-201505-492

EXTERNAL IDS

db: NVD, id: CVE-2015-0749

Trust: 2.9

db: JVNDB, id: JVNDB-2015-008593

Trust: 0.8

db: CNNVD, id: CNNVD-201505-492

Trust: 0.7

db: BID, id: 74785

Trust: 0.5

db: VULHUB, id: VHN-78695

Trust: 0.1

db: VULMON, id: CVE-2015-0749

Trust: 0.1

sources: VULHUB: VHN-78695 // VULMON: CVE-2015-0749 // BID: 74785 // JVNDB: JVNDB-2015-008593 // CNNVD: CNNVD-201505-492 // NVD: CVE-2015-0749

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150522-cve-2015-0749

Trust: 1.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0749

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-0749

Trust: 0.8

url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html

Trust: 0.3

url:http://tools.cisco.com/security/center/viewalert.x?alertid=38964cc

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.securityfocus.com/bid/74785

Trust: 0.1

sources: VULHUB: VHN-78695 // VULMON: CVE-2015-0749 // BID: 74785 // JVNDB: JVNDB-2015-008593 // CNNVD: CNNVD-201505-492 // NVD: CVE-2015-0749

CREDITS

Cisco

Trust: 0.9

sources: BID: 74785 // CNNVD: CNNVD-201505-492

SOURCES

db: VULHUB, id: VHN-78695
db: VULMON, id: CVE-2015-0749
db: BID, id: 74785
db: JVNDB, id: JVNDB-2015-008593
db: CNNVD, id: CNNVD-201505-492
db: NVD, id: CVE-2015-0749

LAST UPDATE DATE

2024-08-14T15:33:39.049000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-78695, date: 2020-02-21T00:00:00
db: VULMON, id: CVE-2015-0749, date: 2020-02-21T00:00:00
db: BID, id: 74785, date: 2015-05-22T00:00:00
db: JVNDB, id: JVNDB-2015-008593, date: 2020-03-04T00:00:00
db: CNNVD, id: CNNVD-201505-492, date: 2020-03-02T00:00:00
db: NVD, id: CVE-2015-0749, date: 2020-02-21T18:47:24.163

SOURCES RELEASE DATE

db: VULHUB, id: VHN-78695, date: 2020-02-19T00:00:00
db: VULMON, id: CVE-2015-0749, date: 2020-02-19T00:00:00
db: BID, id: 74785, date: 2015-05-22T00:00:00
db: JVNDB, id: JVNDB-2015-008593, date: 2020-03-04T00:00:00
db: CNNVD, id: CNNVD-201505-492, date: 2015-05-25T00:00:00
db: NVD, id: CVE-2015-0749, date: 2020-02-19T03:15:10.370