Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-1305 (GCVE-0-2016-1305)
Vulnerability from cvelistv5 – Published: 2016-02-07 11:00 – Updated: 2024-08-05 22:55
VLAI?
EPSS
Summary
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:12.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034902",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034902"
},
{
"name": "20160201 Cisco Application Policy Infrastructure Controller Enterprise Module Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-apic-em"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1034902",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034902"
},
{
"name": "20160201 Cisco Application Policy Infrastructure Controller Enterprise Module Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-apic-em"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034902",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034902"
},
{
"name": "20160201 Cisco Application Policy Infrastructure Controller Enterprise Module Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-apic-em"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-1305",
"datePublished": "2016-02-07T11:00:00",
"dateReserved": "2016-01-04T00:00:00",
"dateUpdated": "2024-08-05T22:55:12.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:application_policy_infrastructure_controller_enterprise_module:1.1_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6BBBC4D-1C89-4B9A-BAF0-C151CEED587A\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de XSS en Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\\u00e9s de vectores que implican entidades HTML, tambi\\u00e9n conocido como Bug ID CSCux15511.\"}]",
"id": "CVE-2016-1305",
"lastModified": "2024-11-21T02:46:09.263",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2016-02-07T11:59:02.880",
"references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-apic-em\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1034902\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-apic-em\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1034902\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-1305\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2016-02-07T11:59:02.880\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de XSS en Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores que implican entidades HTML, tambi\u00e9n conocido como Bug ID CSCux15511.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:application_policy_infrastructure_controller_enterprise_module:1.1_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6BBBC4D-1C89-4B9A-BAF0-C151CEED587A\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-apic-em\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1034902\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-apic-em\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1034902\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTFR-2016-AVI-045
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco Digital Media Manager (DMM) | ||
| Cisco | N/A | Cisco NAC Guest Server versions antérieures à 2.1.0 (disponible le 19 février 2016) | ||
| Cisco | IOS | IOS-XR for Cisco Network Convergence System (NCS) 6000 | ||
| Cisco | N/A | Cisco Intelligent Automation for Cloud | ||
| Cisco | N/A | Cisco DCM Series 9900-Digital Content Manager versions antérieures à 18.0 (disponible le 31 mars 2016) | ||
| Cisco | N/A | Cisco Video Surveillance Media Server | ||
| Cisco | N/A | Cisco FireSIGHT System Software versions antérieures à 6.1 (disponible en juin 2016) | ||
| Cisco | Unified Communications Manager Session Management Edition | Cisco Unified Communications Manager Session Management Edition (SME) | ||
| Cisco | N/A | Cisco Videoscape Policy and Resource Management | ||
| Cisco | N/A | Cisco Management Heartbeat Server versions antérieures à RMS5.x MR (disponible le 29 juillet 2016) | ||
| Cisco | N/A | Cisco Standalone rack server CIMC | ||
| Cisco | N/A | Cloud Object Store (COS) versions antérieures à 3.8 (disponible le 9 avril 2016) | ||
| Cisco | N/A | Cisco Universal Small Cell 7000 Series exécutant la version V3.4.2.x | ||
| Cisco | N/A | Cisco Finesse | ||
| Cisco | N/A | Cisco Hosted Collaboration Mediation Fulfillment | ||
| Cisco | N/A | Cisco TelePresence Video Communication Server (VCS) versions antérieures à 8.7.1 (disponible le 22 février 2016) | ||
| Cisco | N/A | Cisco UCS Central | ||
| Cisco | N/A | Cisco TelePresence Conductor versions antérieures à XC4.2 (disponible le 30 mars 2016) | ||
| Cisco | N/A | Cisco Application and Content Networking System (ACNS) versions antérieures à 5.5.41 (disponible le 29 février 2016) | ||
| Cisco | N/A | Cisco Digital Media Manager | ||
| Cisco | N/A | Cisco Virtual Topology System | ||
| Cisco | N/A | Cisco IP Interoperability and Collaboration System (IPICS) | ||
| Cisco | Unified Communications | Unified Communications Deployment Tools | ||
| Cisco | N/A | Cisco Enterprise Content Delivery System (ECDS) versions antérieures à 2.6.7 (disponible le 30 avril 2016) | ||
| Cisco | N/A | Cisco Quantum Virtualized Packet Core | ||
| Cisco | N/A | Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) version 1.1 | ||
| Cisco | N/A | Cisco ASA CX et Cisco Prime Security Manager versions antérieures à 9.3.4.5 (disponible le 30 mai 2016) | ||
| Cisco | Jabber | Cisco Jabber Guest 10.0(2) | ||
| Cisco | N/A | Cisco Intrusion Prevention System Solutions (IPS) versions antérieures à 7.1(11) Patch 1 (disponible le 31 mars 2016) | ||
| Cisco | N/A | Cisco 910 Industrial Router | ||
| Cisco | Expressway Series | Cisco Expressway Series versions antérieures à 8.7.1 (disponible le 22 février 2016) | ||
| Cisco | N/A | Cisco TelePresence MX Series | ||
| Cisco | N/A | Cisco TelePresence SX Series | ||
| Cisco | N/A | Cisco Clean Access Manager versions antérieures à 4.9.5 (disponible le 19 février 2016) | ||
| Cisco | N/A | Cisco Video Delivery System Recorder (correctif disponible le 30 avril 2016) | ||
| Cisco | N/A | Cisco Fog Director version 1.0(0) | ||
| Cisco | N/A | Cisco Universal Small Cell 5000 Series exécutant la version V3.4.2.x | ||
| Cisco | N/A | Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS) | ||
| Cisco | N/A | Cisco Service Control Operating System | ||
| Cisco | N/A | Cisco Media Experience Engines (MXE) | ||
| Cisco | N/A | Cisco Application Policy Infrastructure Controller (APIC) | ||
| Cisco | N/A | Cisco Telepresence Integrator C Series | ||
| Cisco | N/A | Cisco TelePresence EX Series | ||
| Cisco | N/A | Cisco Edge 300 Digital Media Player versions antérieures à 1.6RB4_4 (disponible le 25 février 2016) | ||
| Cisco | N/A | Cisco Intrusion Prevention System Solutions (IPS) versions antérieures à 7.3(05) Patch 1 (disponible le 30 avril 2016) | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager (UCM) | ||
| Cisco | N/A | Cisco TelePresence Profile Series | ||
| Cisco | N/A | Cisco 3G Femtocell Wireless versions antérieures à SR10MR (disponible le 29 juillet 2016) | ||
| Cisco | N/A | Cisco NAC Server versions antérieures à 4.9.5 (disponible le 19 février 2016) |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Digital Media Manager (DMM)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NAC Guest Server versions ant\u00e9rieures \u00e0 2.1.0 (disponible le 19 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IOS-XR for Cisco Network Convergence System (NCS) 6000",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Intelligent Automation for Cloud",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco DCM Series 9900-Digital Content Manager versions ant\u00e9rieures \u00e0 18.0 (disponible le 31 mars 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Video Surveillance Media Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FireSIGHT System Software versions ant\u00e9rieures \u00e0 6.1 (disponible en juin 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager Session Management Edition (SME)",
"product": {
"name": "Unified Communications Manager Session Management Edition",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Videoscape Policy and Resource Management",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Management Heartbeat Server versions ant\u00e9rieures \u00e0 RMS5.x MR (disponible le 29 juillet 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Standalone rack server CIMC",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cloud Object Store (COS) versions ant\u00e9rieures \u00e0 3.8 (disponible le 9 avril 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Universal Small Cell 7000 Series ex\u00e9cutant la version V3.4.2.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Finesse",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Hosted Collaboration Mediation Fulfillment",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence Video Communication Server (VCS) versions ant\u00e9rieures \u00e0 8.7.1 (disponible le 22 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCS Central",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence Conductor versions ant\u00e9rieures \u00e0 XC4.2 (disponible le 30 mars 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Application and Content Networking System (ACNS) versions ant\u00e9rieures \u00e0 5.5.41 (disponible le 29 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Digital Media Manager",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Virtual Topology System",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IP Interoperability and Collaboration System (IPICS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Communications Deployment Tools",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Enterprise Content Delivery System (ECDS) versions ant\u00e9rieures \u00e0 2.6.7 (disponible le 30 avril 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Quantum Virtualized Packet Core",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) version 1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA CX et Cisco Prime Security Manager versions ant\u00e9rieures \u00e0 9.3.4.5 (disponible le 30 mai 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Jabber Guest 10.0(2)",
"product": {
"name": "Jabber",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Intrusion Prevention System Solutions (IPS) versions ant\u00e9rieures \u00e0 7.1(11) Patch 1 (disponible le 31 mars 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco 910 Industrial Router",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Expressway Series versions ant\u00e9rieures \u00e0 8.7.1 (disponible le 22 f\u00e9vrier 2016)",
"product": {
"name": "Expressway Series",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence MX Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence SX Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Clean Access Manager versions ant\u00e9rieures \u00e0 4.9.5 (disponible le 19 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Video Delivery System Recorder (correctif disponible le 30 avril 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Fog Director version 1.0(0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Universal Small Cell 5000 Series ex\u00e9cutant la version V3.4.2.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Service Control Operating System",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Media Experience Engines (MXE)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Application Policy Infrastructure Controller (APIC)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Telepresence Integrator C Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence EX Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Edge 300 Digital Media Player versions ant\u00e9rieures \u00e0 1.6RB4_4 (disponible le 25 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Intrusion Prevention System Solutions (IPS) versions ant\u00e9rieures \u00e0 7.3(05) Patch 1 (disponible le 30 avril 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager (UCM)",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence Profile Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco 3G Femtocell Wireless versions ant\u00e9rieures \u00e0 SR10MR (disponible le 29 juillet 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NAC Server versions ant\u00e9rieures \u00e0 4.9.5 (disponible le 19 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-7973",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7973"
},
{
"name": "CVE-2015-7976",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7976"
},
{
"name": "CVE-2015-8158",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8158"
},
{
"name": "CVE-2015-7977",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7977"
},
{
"name": "CVE-2016-1305",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1305"
},
{
"name": "CVE-2015-8138",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
},
{
"name": "CVE-2015-7974",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7974"
},
{
"name": "CVE-2015-7975",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7975"
},
{
"name": "CVE-2015-7978",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7978"
},
{
"name": "CVE-2015-8140",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8140"
},
{
"name": "CVE-2015-7979",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7979"
},
{
"name": "CVE-2015-8139",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8139"
},
{
"name": "CVE-2016-1306",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1306"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-fd du 01 f\u00e9vrier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-fd"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-apic-em du 01 f\u00e9vrier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-apic-em"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-ntpd du 27 janvier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
}
],
"reference": "CERTFR-2016-AVI-045",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-02-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance\n(XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-apic-em du 01 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-ntpd du 27 janvier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-fd du 01 f\u00e9vrier 2016",
"url": null
}
]
}
CERTFR-2016-AVI-045
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco Digital Media Manager (DMM) | ||
| Cisco | N/A | Cisco NAC Guest Server versions antérieures à 2.1.0 (disponible le 19 février 2016) | ||
| Cisco | IOS | IOS-XR for Cisco Network Convergence System (NCS) 6000 | ||
| Cisco | N/A | Cisco Intelligent Automation for Cloud | ||
| Cisco | N/A | Cisco DCM Series 9900-Digital Content Manager versions antérieures à 18.0 (disponible le 31 mars 2016) | ||
| Cisco | N/A | Cisco Video Surveillance Media Server | ||
| Cisco | N/A | Cisco FireSIGHT System Software versions antérieures à 6.1 (disponible en juin 2016) | ||
| Cisco | Unified Communications Manager Session Management Edition | Cisco Unified Communications Manager Session Management Edition (SME) | ||
| Cisco | N/A | Cisco Videoscape Policy and Resource Management | ||
| Cisco | N/A | Cisco Management Heartbeat Server versions antérieures à RMS5.x MR (disponible le 29 juillet 2016) | ||
| Cisco | N/A | Cisco Standalone rack server CIMC | ||
| Cisco | N/A | Cloud Object Store (COS) versions antérieures à 3.8 (disponible le 9 avril 2016) | ||
| Cisco | N/A | Cisco Universal Small Cell 7000 Series exécutant la version V3.4.2.x | ||
| Cisco | N/A | Cisco Finesse | ||
| Cisco | N/A | Cisco Hosted Collaboration Mediation Fulfillment | ||
| Cisco | N/A | Cisco TelePresence Video Communication Server (VCS) versions antérieures à 8.7.1 (disponible le 22 février 2016) | ||
| Cisco | N/A | Cisco UCS Central | ||
| Cisco | N/A | Cisco TelePresence Conductor versions antérieures à XC4.2 (disponible le 30 mars 2016) | ||
| Cisco | N/A | Cisco Application and Content Networking System (ACNS) versions antérieures à 5.5.41 (disponible le 29 février 2016) | ||
| Cisco | N/A | Cisco Digital Media Manager | ||
| Cisco | N/A | Cisco Virtual Topology System | ||
| Cisco | N/A | Cisco IP Interoperability and Collaboration System (IPICS) | ||
| Cisco | Unified Communications | Unified Communications Deployment Tools | ||
| Cisco | N/A | Cisco Enterprise Content Delivery System (ECDS) versions antérieures à 2.6.7 (disponible le 30 avril 2016) | ||
| Cisco | N/A | Cisco Quantum Virtualized Packet Core | ||
| Cisco | N/A | Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) version 1.1 | ||
| Cisco | N/A | Cisco ASA CX et Cisco Prime Security Manager versions antérieures à 9.3.4.5 (disponible le 30 mai 2016) | ||
| Cisco | Jabber | Cisco Jabber Guest 10.0(2) | ||
| Cisco | N/A | Cisco Intrusion Prevention System Solutions (IPS) versions antérieures à 7.1(11) Patch 1 (disponible le 31 mars 2016) | ||
| Cisco | N/A | Cisco 910 Industrial Router | ||
| Cisco | Expressway Series | Cisco Expressway Series versions antérieures à 8.7.1 (disponible le 22 février 2016) | ||
| Cisco | N/A | Cisco TelePresence MX Series | ||
| Cisco | N/A | Cisco TelePresence SX Series | ||
| Cisco | N/A | Cisco Clean Access Manager versions antérieures à 4.9.5 (disponible le 19 février 2016) | ||
| Cisco | N/A | Cisco Video Delivery System Recorder (correctif disponible le 30 avril 2016) | ||
| Cisco | N/A | Cisco Fog Director version 1.0(0) | ||
| Cisco | N/A | Cisco Universal Small Cell 5000 Series exécutant la version V3.4.2.x | ||
| Cisco | N/A | Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS) | ||
| Cisco | N/A | Cisco Service Control Operating System | ||
| Cisco | N/A | Cisco Media Experience Engines (MXE) | ||
| Cisco | N/A | Cisco Application Policy Infrastructure Controller (APIC) | ||
| Cisco | N/A | Cisco Telepresence Integrator C Series | ||
| Cisco | N/A | Cisco TelePresence EX Series | ||
| Cisco | N/A | Cisco Edge 300 Digital Media Player versions antérieures à 1.6RB4_4 (disponible le 25 février 2016) | ||
| Cisco | N/A | Cisco Intrusion Prevention System Solutions (IPS) versions antérieures à 7.3(05) Patch 1 (disponible le 30 avril 2016) | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager (UCM) | ||
| Cisco | N/A | Cisco TelePresence Profile Series | ||
| Cisco | N/A | Cisco 3G Femtocell Wireless versions antérieures à SR10MR (disponible le 29 juillet 2016) | ||
| Cisco | N/A | Cisco NAC Server versions antérieures à 4.9.5 (disponible le 19 février 2016) |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Digital Media Manager (DMM)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NAC Guest Server versions ant\u00e9rieures \u00e0 2.1.0 (disponible le 19 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IOS-XR for Cisco Network Convergence System (NCS) 6000",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Intelligent Automation for Cloud",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco DCM Series 9900-Digital Content Manager versions ant\u00e9rieures \u00e0 18.0 (disponible le 31 mars 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Video Surveillance Media Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FireSIGHT System Software versions ant\u00e9rieures \u00e0 6.1 (disponible en juin 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager Session Management Edition (SME)",
"product": {
"name": "Unified Communications Manager Session Management Edition",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Videoscape Policy and Resource Management",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Management Heartbeat Server versions ant\u00e9rieures \u00e0 RMS5.x MR (disponible le 29 juillet 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Standalone rack server CIMC",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cloud Object Store (COS) versions ant\u00e9rieures \u00e0 3.8 (disponible le 9 avril 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Universal Small Cell 7000 Series ex\u00e9cutant la version V3.4.2.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Finesse",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Hosted Collaboration Mediation Fulfillment",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence Video Communication Server (VCS) versions ant\u00e9rieures \u00e0 8.7.1 (disponible le 22 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCS Central",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence Conductor versions ant\u00e9rieures \u00e0 XC4.2 (disponible le 30 mars 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Application and Content Networking System (ACNS) versions ant\u00e9rieures \u00e0 5.5.41 (disponible le 29 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Digital Media Manager",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Virtual Topology System",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IP Interoperability and Collaboration System (IPICS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Communications Deployment Tools",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Enterprise Content Delivery System (ECDS) versions ant\u00e9rieures \u00e0 2.6.7 (disponible le 30 avril 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Quantum Virtualized Packet Core",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) version 1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA CX et Cisco Prime Security Manager versions ant\u00e9rieures \u00e0 9.3.4.5 (disponible le 30 mai 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Jabber Guest 10.0(2)",
"product": {
"name": "Jabber",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Intrusion Prevention System Solutions (IPS) versions ant\u00e9rieures \u00e0 7.1(11) Patch 1 (disponible le 31 mars 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco 910 Industrial Router",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Expressway Series versions ant\u00e9rieures \u00e0 8.7.1 (disponible le 22 f\u00e9vrier 2016)",
"product": {
"name": "Expressway Series",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence MX Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence SX Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Clean Access Manager versions ant\u00e9rieures \u00e0 4.9.5 (disponible le 19 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Video Delivery System Recorder (correctif disponible le 30 avril 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Fog Director version 1.0(0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Universal Small Cell 5000 Series ex\u00e9cutant la version V3.4.2.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Service Control Operating System",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Media Experience Engines (MXE)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Application Policy Infrastructure Controller (APIC)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Telepresence Integrator C Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence EX Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Edge 300 Digital Media Player versions ant\u00e9rieures \u00e0 1.6RB4_4 (disponible le 25 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Intrusion Prevention System Solutions (IPS) versions ant\u00e9rieures \u00e0 7.3(05) Patch 1 (disponible le 30 avril 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager (UCM)",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence Profile Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco 3G Femtocell Wireless versions ant\u00e9rieures \u00e0 SR10MR (disponible le 29 juillet 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NAC Server versions ant\u00e9rieures \u00e0 4.9.5 (disponible le 19 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-7973",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7973"
},
{
"name": "CVE-2015-7976",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7976"
},
{
"name": "CVE-2015-8158",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8158"
},
{
"name": "CVE-2015-7977",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7977"
},
{
"name": "CVE-2016-1305",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1305"
},
{
"name": "CVE-2015-8138",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
},
{
"name": "CVE-2015-7974",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7974"
},
{
"name": "CVE-2015-7975",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7975"
},
{
"name": "CVE-2015-7978",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7978"
},
{
"name": "CVE-2015-8140",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8140"
},
{
"name": "CVE-2015-7979",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7979"
},
{
"name": "CVE-2015-8139",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8139"
},
{
"name": "CVE-2016-1306",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1306"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-fd du 01 f\u00e9vrier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-fd"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-apic-em du 01 f\u00e9vrier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-apic-em"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-ntpd du 27 janvier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
}
],
"reference": "CERTFR-2016-AVI-045",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-02-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance\n(XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-apic-em du 01 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-ntpd du 27 janvier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-fd du 01 f\u00e9vrier 2016",
"url": null
}
]
}
CNVD-2016-00881
Vulnerability from cnvd - Published: 2016-02-15
VLAI Severity ?
Title
Cisco Application Policy Infrastructure Controller跨站脚本漏洞
Description
Cisco Application Policy Infrastructure Controller(APIC)是美一款自动化管理以应用为中心的基础设施(ACI)的控制器。
Cisco Application Policy Infrastructure Controller存在跨站脚本漏洞,允许远程攻击者利用漏洞注入恶意脚本或HTML代码,当恶意数据被查看时,可获取敏感信息或劫持用户会话。
Severity
中
Patch Name
Cisco Application Policy Infrastructure Controller跨站脚本漏洞的补丁
Patch Description
Cisco Application Policy Infrastructure Controller(APIC)是美一款自动化管理以应用为中心的基础设施(ACI)的控制器。
Cisco Application Policy Infrastructure Controller存在跨站脚本漏洞,允许远程攻击者利用漏洞注入恶意脚本或HTML代码,当恶意数据被查看时,可获取敏感信息或劫持用户会话。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全补丁以修复该漏洞: http://www.cisco.com/
Reference
http://www.securityfocus.com/bid/82318
Impacted products
| Name | Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 |
|---|
{
"bids": {
"bid": {
"bidNumber": "82318"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2016-1305"
}
},
"description": "Cisco Application Policy Infrastructure Controller\uff08APIC\uff09\u662f\u7f8e\u4e00\u6b3e\u81ea\u52a8\u5316\u7ba1\u7406\u4ee5\u5e94\u7528\u4e3a\u4e2d\u5fc3\u7684\u57fa\u7840\u8bbe\u65bd\uff08ACI\uff09\u7684\u63a7\u5236\u5668\u3002\r\n\r\nCisco Application Policy Infrastructure Controller\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e,\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6ce8\u5165\u6076\u610f\u811a\u672c\u6216HTML\u4ee3\u7801\uff0c\u5f53\u6076\u610f\u6570\u636e\u88ab\u67e5\u770b\u65f6\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u52ab\u6301\u7528\u6237\u4f1a\u8bdd\u3002",
"discovererName": "Cisco",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.cisco.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-00881",
"openTime": "2016-02-15",
"patchDescription": "Cisco Application Policy Infrastructure Controller\uff08APIC\uff09\u662f\u7f8e\u4e00\u6b3e\u81ea\u52a8\u5316\u7ba1\u7406\u4ee5\u5e94\u7528\u4e3a\u4e2d\u5fc3\u7684\u57fa\u7840\u8bbe\u65bd\uff08ACI\uff09\u7684\u63a7\u5236\u5668\u3002\r\n\r\nCisco Application Policy Infrastructure Controller\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e,\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6ce8\u5165\u6076\u610f\u811a\u672c\u6216HTML\u4ee3\u7801\uff0c\u5f53\u6076\u610f\u6570\u636e\u88ab\u67e5\u770b\u65f6\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u52ab\u6301\u7528\u6237\u4f1a\u8bdd\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Cisco Application Policy Infrastructure Controller\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1"
},
"referenceLink": "http://www.securityfocus.com/bid/82318",
"serverity": "\u4e2d",
"submitTime": "2016-02-08",
"title": "Cisco Application Policy Infrastructure Controller\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}
VAR-201602-0046
Vulnerability from variot - Updated: 2023-12-18 14:05Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511. Vendors have confirmed this vulnerability Bug ID CSCux15511 It is released as.By a third party HTML Depending on the issue with the entity, Web Script or HTML May be inserted. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug IDs CSCux15511
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0046",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "application policy infrastructure controller enterprise module",
"scope": "eq",
"trust": 1.7,
"vendor": "cisco",
"version": "1.1"
},
{
"model": "application policy infrastructure controller enterprise module",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.1_base"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00881"
},
{
"db": "BID",
"id": "82318"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001492"
},
{
"db": "NVD",
"id": "CVE-2016-1305"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-046"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:application_policy_infrastructure_controller_enterprise_module:1.1_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1305"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "82318"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-046"
}
],
"trust": 0.9
},
"cve": "CVE-2016-1305",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-1305",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-00881",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-90124",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-1305",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-00881",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-046",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90124",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00881"
},
{
"db": "VULHUB",
"id": "VHN-90124"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001492"
},
{
"db": "NVD",
"id": "CVE-2016-1305"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-046"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511. Vendors have confirmed this vulnerability Bug ID CSCux15511 It is released as.By a third party HTML Depending on the issue with the entity, Web Script or HTML May be inserted. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nThis issue is being tracked by Cisco Bug IDs CSCux15511",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1305"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001492"
},
{
"db": "CNVD",
"id": "CNVD-2016-00881"
},
{
"db": "BID",
"id": "82318"
},
{
"db": "VULHUB",
"id": "VHN-90124"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1305",
"trust": 3.4
},
{
"db": "BID",
"id": "82318",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1034902",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001492",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-046",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-00881",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-90124",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00881"
},
{
"db": "VULHUB",
"id": "VHN-90124"
},
{
"db": "BID",
"id": "82318"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001492"
},
{
"db": "NVD",
"id": "CVE-2016-1305"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-046"
}
]
},
"id": "VAR-201602-0046",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00881"
},
{
"db": "VULHUB",
"id": "VHN-90124"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00881"
}
]
},
"last_update_date": "2023-12-18T14:05:58.666000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160201-apic-em",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160201-apic-em"
},
{
"title": "Patch for CiscoApplicationPolicyInfrastructureController Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/71291"
},
{
"title": "Cisco Application Policy Infrastructure Controller Enterprise Module Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60050"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00881"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001492"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-046"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90124"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001492"
},
{
"db": "NVD",
"id": "CVE-2016-1305"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160201-apic-em"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/82318"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034902"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1305"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1305"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00881"
},
{
"db": "VULHUB",
"id": "VHN-90124"
},
{
"db": "BID",
"id": "82318"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001492"
},
{
"db": "NVD",
"id": "CVE-2016-1305"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-046"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-00881"
},
{
"db": "VULHUB",
"id": "VHN-90124"
},
{
"db": "BID",
"id": "82318"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001492"
},
{
"db": "NVD",
"id": "CVE-2016-1305"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-046"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00881"
},
{
"date": "2016-02-07T00:00:00",
"db": "VULHUB",
"id": "VHN-90124"
},
{
"date": "2016-02-01T00:00:00",
"db": "BID",
"id": "82318"
},
{
"date": "2016-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001492"
},
{
"date": "2016-02-07T11:59:02.880000",
"db": "NVD",
"id": "CVE-2016-1305"
},
{
"date": "2016-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-046"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00881"
},
{
"date": "2016-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-90124"
},
{
"date": "2016-02-01T00:00:00",
"db": "BID",
"id": "82318"
},
{
"date": "2016-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001492"
},
{
"date": "2016-12-06T03:06:38.713000",
"db": "NVD",
"id": "CVE-2016-1305"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-046"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-046"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Application Policy Infrastructure Controller Enterprise Module cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001492"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-046"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-046"
}
],
"trust": 0.6
}
}
FKIE_CVE-2016-1305
Vulnerability from fkie_nvd - Published: 2016-02-07 11:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | application_policy_infrastructure_controller_enterprise_module | 1.1_base |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller_enterprise_module:1.1_base:*:*:*:*:*:*:*",
"matchCriteriaId": "D6BBBC4D-1C89-4B9A-BAF0-C151CEED587A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores que implican entidades HTML, tambi\u00e9n conocido como Bug ID CSCux15511."
}
],
"id": "CVE-2016-1305",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-07T11:59:02.880",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-apic-em"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id/1034902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-apic-em"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034902"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-PPV7-J33G-9WRV
Vulnerability from github – Published: 2022-05-17 03:29 – Updated: 2022-05-17 03:29
VLAI?
Details
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511.
Severity ?
6.1 (Medium)
{
"affected": [],
"aliases": [
"CVE-2016-1305"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-02-07T11:59:00Z",
"severity": "MODERATE"
},
"details": "Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511.",
"id": "GHSA-ppv7-j33g-9wrv",
"modified": "2022-05-17T03:29:29Z",
"published": "2022-05-17T03:29:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1305"
},
{
"type": "WEB",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-apic-em"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1034902"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2016-1305
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-1305",
"description": "Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511.",
"id": "GSD-2016-1305"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-1305"
],
"details": "Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511.",
"id": "GSD-2016-1305",
"modified": "2023-12-13T01:21:24.627314Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034902",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034902"
},
{
"name": "20160201 Cisco Application Policy Infrastructure Controller Enterprise Module Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-apic-em"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:application_policy_infrastructure_controller_enterprise_module:1.1_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1305"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160201 Cisco Application Policy Infrastructure Controller Enterprise Module Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-apic-em"
},
{
"name": "1034902",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1034902"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2016-12-06T03:06Z",
"publishedDate": "2016-02-07T11:59Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…