ID

VAR-202009-0482


CVE

CVE-2019-16025


TITLE

Cisco Emergency Responder Cross-site Scripting Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-016034

DESCRIPTION

A vulnerability in the web framework of Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into that request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web-based management interface or access sensitive, browser-based information. Cisco Emergency Responder contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with.

Trust: 1.71

sources: NVD: CVE-2019-16025 // JVNDB: JVNDB-2019-016034 // VULHUB: VHN-148130

AFFECTED PRODUCTS

vendor: cisco, model: emergency responder, scope: lte, version: 12.5_su1

Trust: 1.0

vendor: Cisco Systems, model: cisco emergency responder software, scope: eq, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco emergency responder software, scope: eq, version: cisco emergency responder software

Trust: 0.8

sources: JVNDB: JVNDB-2019-016034 // NVD: CVE-2019-16025

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16025
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-16025
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-16025
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202001-232
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148130
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-16025
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148130
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-16025
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-16025
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.0

NVD: CVE-2019-16025
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-148130 // JVNDB: JVNDB-2019-016034 // CNNVD: CNNVD-202001-232 // NVD: CVE-2019-16025 // NVD: CVE-2019-16025

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.1

problemtype: Cross-site scripting (CWE-79) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-148130 // JVNDB: JVNDB-2019-016034 // NVD: CVE-2019-16025

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-232

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202001-232

PATCH

title: cisco-sa-20200108-er-xss, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-er-xss

Trust: 0.8

sources: JVNDB: JVNDB-2019-016034

EXTERNAL IDS

db: NVD, id: CVE-2019-16025

Trust: 2.5

db: JVNDB, id: JVNDB-2019-016034

Trust: 0.8

db: CNNVD, id: CNNVD-202001-232

Trust: 0.7

db: AUSCERT, id: ESB-2020.0089

Trust: 0.6

db: VULHUB, id: VHN-148130

Trust: 0.1

sources: VULHUB: VHN-148130 // JVNDB: JVNDB-2019-016034 // CNNVD: CNNVD-202001-232 // NVD: CVE-2019-16025

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200108-er-xss

Trust: 2.3

url: https://nvd.nist.gov/vuln/detail/cve-2019-16025

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2020.0089/

Trust: 0.6

sources: VULHUB: VHN-148130 // JVNDB: JVNDB-2019-016034 // CNNVD: CNNVD-202001-232 // NVD: CVE-2019-16025

SOURCES

db: VULHUB, id: VHN-148130
db: JVNDB, id: JVNDB-2019-016034
db: CNNVD, id: CNNVD-202001-232
db: NVD, id: CVE-2019-16025

LAST UPDATE DATE

2024-11-23T21:35:20.241000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-148130, date: 2020-10-05T00:00:00
db: JVNDB, id: JVNDB-2019-016034, date: 2021-04-14T08:55:00
db: CNNVD, id: CNNVD-202001-232, date: 2020-10-09T00:00:00
db: NVD, id: CVE-2019-16025, date: 2024-11-21T04:29:57.160

SOURCES RELEASE DATE

db: VULHUB, id: VHN-148130, date: 2020-09-23T00:00:00
db: JVNDB, id: JVNDB-2019-016034, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202001-232, date: 2020-01-08T00:00:00
db: NVD, id: CVE-2019-16025, date: 2020-09-23T01:15:14.127