VAR-201206-0042

Vulnerability from variot - Updated: 2023-12-18 13:20

Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715. The SIP implementation of multiple Cisco products contains a cross-site scripting vulnerability. The issue is tracked as Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715. A third party may inject arbitrary web script or HTML through the FROM field of an INVITE message. Cisco Small Business Voice Gateways and ATAs and Cisco Small Business SPA 500 Series IP Phones are Cisco's IP telephony solutions. Because user input in the FROM field of a SIP INVITE message (especially the Display Name and User ID parameters) is not adequately filtered, an unauthenticated remote attacker can send a specially crafted SIP INVITE message and entice the user to access the call log web page of the affected device. When the malicious message is processed by an affected device, the application returns a response containing the attacker-supplied code to the user, and that code executes in the target user's browser. The affected products are prone to a cross-site scripting vulnerability, also known as Bug IDs CSCtr27277, CSCtr27256, CSCtr27274 and CSCtr14715.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201206-0042",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "spa 500 series ip phone",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "spa 500 series ip phone",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.4.6"
      },
      {
        "model": "spa 500 series ip phone",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.4.7"
      },
      {
        "model": "spa3102 voice gateway with router",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.1.7"
      },
      {
        "model": "spa 500 series ip phone",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.4.4"
      },
      {
        "model": "spa 500 series ip phone",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.4.3"
      },
      {
        "model": "spa3102 voice gateway with router",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.3.6"
      },
      {
        "model": "spa8000 8-port ip telephony gateway",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "cisco",
        "version": "6.1.11"
      },
      {
        "model": "spa8800 ip telephony gateway",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "cisco",
        "version": "6.1.11"
      },
      {
        "model": "spa2102 phone adapter with router",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "cisco",
        "version": "5.2.13"
      },
      {
        "model": "spa3102 voice gateway with router",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "cisco",
        "version": "5.2.13"
      },
      {
        "model": "spa2102 phone adapter with router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 502g 1-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 508g 8-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 525g 5-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa8000 8-port ip telephony gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1.10"
      },
      {
        "model": "spa2102 phone adapter with router",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.2.12"
      },
      {
        "model": "spa 509g 12-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 504g 4-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa8000 8-port ip telephony gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.1.12"
      },
      {
        "model": "spa 501g 8-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 512g 1-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa8800 ip telephony gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa8000 8-port ip telephony gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa8800 8-port ip telephony gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1.7"
      },
      {
        "model": "spa2102 phone adapter with router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.2.5"
      },
      {
        "model": "spa3102 voice gateway with router",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.1.10"
      },
      {
        "model": "spa 525g2 5-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa8000 8-port ip telephony gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1.3"
      },
      {
        "model": "spa 500 series ip phone",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.4.8"
      },
      {
        "model": "spa 514g 4-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa2102 phone adapter with router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.2.10"
      },
      {
        "model": "spa2102 phone adapter with router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.2.3"
      },
      {
        "model": "spa3102 voice gateway with router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "small business spa500 series ip phone",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.4.9"
      },
      {
        "model": "spa 501g 8-line ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 502g 1-line ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 504g 4-line ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 508g 8-line ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 509g 12-line ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 512g 1-line ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 514g 4-line ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 525g 5-line ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 525g2 5-line ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa2102 phone adapter with router",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa3102 voice gateway with router",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa8000 8-port ip telephony gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa8800 ip telephony gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "small business spa series ip phones",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "500\u003c7.4.9"
      },
      {
        "model": "spa 500 series ip phone",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.4.8"
      },
      {
        "model": "spa2102 phone adapter with router",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5.2.12"
      },
      {
        "model": "spa3102 voice gateway with router",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5.1.10"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-3171"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002724"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2545"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-195"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa8000_8-port_ip_telephony_gateway_firmware:6.1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa8000_8-port_ip_telephony_gateway_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.1.10",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa8000_8-port_ip_telephony_gateway_firmware:5.1.12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa8000_8-port_ip_telephony_gateway:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa8800_8-port_ip_telephony_gateway_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.1.7",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa8800_ip_telephony_gateway:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa2102_phone_adapter_with_router_firmware:5.2.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa2102_phone_adapter_with_router_firmware:5.2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa2102_phone_adapter_with_router_firmware:5.2.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa2102_phone_adapter_with_router_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.2.12",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa2102_phone_adapter_with_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa3102_voice_gateway_with_router_firmware:3.3.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa3102_voice_gateway_with_router_firmware:5.1.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa3102_voice_gateway_with_router_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.1.10",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa3102_voice_gateway_with_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.4.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.4.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.3.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.4.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_508g_8-line_ip_phone:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_509g_12-line_ip_phone:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_512g_1-line_ip_phone:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_514g_4-line_ip_phone:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_501g_8-line_ip_phone:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_504g_4-line_ip_phone:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_525g_5-line_ip_phone:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_502g_1-line_ip_phone:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_525g2_5-line_ip_phone:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-2545"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "73800"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-2545",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2011-2545",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-50490",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-2545",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201206-195",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-50490",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-50490"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002724"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2545"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-195"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715. plural Cisco Product SIP An implementation of contains a cross-site scripting vulnerability. The problem is Bug ID CSCtr27277 , CSCtr27256 , CSCtr27274 ,and CSCtr14715 It is a problem.By a third party INVITE Message FROM Any through the field Web Script or HTML May be inserted. Cisco Small Business Voice Gateways and ATAs and Cisco Small Business SPA 500 Series IP Phones are Cisco\u0027s IP telephony solutions. Due to the lack of adequate filtering of user input to the SIP INVITE message FROM field (especially the Display Name and User ID parameters), an unverified remote attacker can send a specially crafted SIP INVITE message to entice the user to access the affected device call log WEB page when malicious When a message is processed by an affected device, the application returns a response containing the malicious code provided by the attacker to the user and causes the malicious code to execute on the target user\u0027s browser. is prone to a cross-site scripting vulnerability. Also known as Bug IDs CSCtr27277, CSCtr27256, CSCtr27274 and CSCtr14715",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-2545"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002724"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3171"
      },
      {
        "db": "BID",
        "id": "73800"
      },
      {
        "db": "VULHUB",
        "id": "VHN-50490"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-2545",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002724",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-195",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3171",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "73800",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-50490",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-3171"
      },
      {
        "db": "VULHUB",
        "id": "VHN-50490"
      },
      {
        "db": "BID",
        "id": "73800"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002724"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2545"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-195"
      }
    ]
  },
  "id": "VAR-201206-0042",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-3171"
      },
      {
        "db": "VULHUB",
        "id": "VHN-50490"
      }
    ],
    "trust": 1.3924603333333332
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-3171"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:20:14.478000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "26037",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=26037"
      },
      {
        "title": "Patch for Cisco Small Business Device Cross-Site Scripting Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/18036"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-3171"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002724"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-50490"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002724"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2545"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=26037"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2545"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2545"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-3171"
      },
      {
        "db": "VULHUB",
        "id": "VHN-50490"
      },
      {
        "db": "BID",
        "id": "73800"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002724"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2545"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-195"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-3171"
      },
      {
        "db": "VULHUB",
        "id": "VHN-50490"
      },
      {
        "db": "BID",
        "id": "73800"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002724"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2545"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-195"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-06-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-3171"
      },
      {
        "date": "2012-06-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-50490"
      },
      {
        "date": "2012-06-13T00:00:00",
        "db": "BID",
        "id": "73800"
      },
      {
        "date": "2012-06-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-002724"
      },
      {
        "date": "2012-06-13T20:55:01.707000",
        "db": "NVD",
        "id": "CVE-2011-2545"
      },
      {
        "date": "2012-06-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201206-195"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-06-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-3171"
      },
      {
        "date": "2012-06-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-50490"
      },
      {
        "date": "2012-06-13T00:00:00",
        "db": "BID",
        "id": "73800"
      },
      {
        "date": "2012-06-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-002724"
      },
      {
        "date": "2012-06-14T04:00:00",
        "db": "NVD",
        "id": "CVE-2011-2545"
      },
      {
        "date": "2012-06-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201206-195"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-195"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Cisco Product  SIP Implementation of cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002724"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-195"
      }
    ],
    "trust": 0.6
  }
}







Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

