Details of VAR-201005-0063

ID

VAR-201005-0063

CVE

CVE-2010-0594

TITLE

Cisco Router and Security Device Manager vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2010-000014

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Router and Security Device Manager (SDM) allows remote attackers to inject arbitrary web script or HTML via unknown vectors, aka Bug ID CSCtb38467. Cisco Router and Security Device Manager (SDM) is a web-based device management tool for Cisco routers. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. This issue is being tracked by Cisco Bugid CSCtb38467. The bug ID is CSCtb38467

Trust: 2.52

sources: NVD: CVE-2010-0594 // JVNDB: JVNDB-2010-000014 // CNVD: CNVD-2010-0869 // BID: 40174 // VULHUB: VHN-43199

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-0869

AFFECTED PRODUCTS

vendor:	cisco	model:	router and security device manager	scope:	eq	version:	2.5	Trust: 1.6
vendor:	cisco	model:	router and security device manager	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	router and security device manager	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	router and security device manager router and security device manager	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	router and security device manager	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2010-0869 // BID: 40174 // JVNDB: JVNDB-2010-000014 // CNNVD: CNNVD-201005-019 // NVD: CVE-2010-0594

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-0594
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2010-000014
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201005-019
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-43199
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-0594
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2010-000014
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-43199
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-43199 // JVNDB: JVNDB-2010-000014 // CNNVD: CNNVD-201005-019 // NVD: CVE-2010-0594

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-43199 // JVNDB: JVNDB-2010-000014 // NVD: CVE-2010-0594

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201005-019

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201005-019

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-000014

PATCH

title:

Cisco Bug ID (Registered Users Only): CSCtb38467

url:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtb38467

Trust: 0.8

sources: JVNDB: JVNDB-2010-000014

EXTERNAL IDS

db:	JVN	id:	JVN14313132	Trust: 3.4
db:	NVD	id:	CVE-2010-0594	Trust: 3.4
db:	JVNDB	id:	JVNDB-2010-000014	Trust: 2.5
db:	CNNVD	id:	CNNVD-201005-019	Trust: 0.7
db:	CNVD	id:	CNVD-2010-0869	Trust: 0.6
db:	JVN	id:	JVN#14313132	Trust: 0.6
db:	BID	id:	40174	Trust: 0.4
db:	VULHUB	id:	VHN-43199	Trust: 0.1

sources: CNVD: CNVD-2010-0869 // VULHUB: VHN-43199 // BID: 40174 // JVNDB: JVNDB-2010-000014 // CNNVD: CNNVD-201005-019 // NVD: CVE-2010-0594

REFERENCES

url:	http://jvn.jp/en/jp/jvn14313132/index.html	Trust: 3.4
url:	http://jvndb.jvn.jp/ja/contents/2010/jvndb-2010-000014.html	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0594	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0594	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2010-0869 // VULHUB: VHN-43199 // BID: 40174 // JVNDB: JVNDB-2010-000014 // CNNVD: CNNVD-201005-019 // NVD: CVE-2010-0594

CREDITS

JVN

Trust: 0.3

sources: BID: 40174

SOURCES

db:	CNVD	id:	CNVD-2010-0869
db:	VULHUB	id:	VHN-43199
db:	BID	id:	40174
db:	JVNDB	id:	JVNDB-2010-000014
db:	CNNVD	id:	CNNVD-201005-019
db:	NVD	id:	CVE-2010-0594

LAST UPDATE DATE

2025-04-11T23:12:17.248000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-0869	date:	2010-05-15T00:00:00
db:	VULHUB	id:	VHN-43199	date:	2010-05-04T00:00:00
db:	BID	id:	40174	date:	2010-05-14T18:01:00
db:	JVNDB	id:	JVNDB-2010-000014	date:	2010-04-08T00:00:00
db:	CNNVD	id:	CNNVD-201005-019	date:	2010-05-04T00:00:00
db:	NVD	id:	CVE-2010-0594	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-0869	date:	2010-05-15T00:00:00
db:	VULHUB	id:	VHN-43199	date:	2010-05-04T00:00:00
db:	BID	id:	40174	date:	2010-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2010-000014	date:	2010-04-08T00:00:00
db:	CNNVD	id:	CNNVD-201005-019	date:	2010-05-04T00:00:00
db:	NVD	id:	CVE-2010-0594	date:	2010-05-04T16:00:35.340