Details of VAR-201202-0094

ID

VAR-201202-0094

CVE

CVE-2012-0340

TITLE

Cisco IronPort Encryption Appliance Management interface cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-001403

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the management interface on the Cisco IronPort Encryption Appliance with software before 6.5.3 allows remote attackers to inject arbitrary web script or HTML via the header parameter to the default URI under admin/, aka bug ID 72410. The Cisco IronPort family of products is a widely used mail encryption gateway that seamlessly encrypts, decrypts, and digitally signs confidential email. Since the WEB interface provided by the device fails to properly filter the input submitted by the user, the unauthenticated remote attacker can construct a malicious link, induce the user to parse, obtain the target user's browser sensitive information or hijack the user session. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by IronPort bug 72410

Trust: 2.52

sources: NVD: CVE-2012-0340 // JVNDB: JVNDB-2012-001403 // CNVD: CNVD-2012-0630 // BID: 52030 // VULHUB: VHN-53621

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2012-0630

AFFECTED PRODUCTS

vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.4	Trust: 2.5
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.5	Trust: 2.5
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.6	Trust: 2.5
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.7	Trust: 2.5
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.5.2	Trust: 1.9
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.3	Trust: 1.9
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.5	Trust: 1.9
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.9	Trust: 1.9
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.7.6	Trust: 1.6
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.7.1	Trust: 1.6
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.7.4	Trust: 1.6
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.7.5	Trust: 1.6
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.3.0.1	Trust: 1.6
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.4.1	Trust: 1.6
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.7.2	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.5.0.1	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.3.0.4	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.3.0.2	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.5.2.1	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.7.7	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	5.2	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	lte	version:	6.5.2.2	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	4.2.1-22.2.i386	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	4.2.1-22.i386	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.5.0.3	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.7.3	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.3.0.3	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.41	Trust: 0.9
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.52	Trust: 0.9
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.77	Trust: 0.9
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.9.1	Trust: 0.9
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.34	Trust: 0.9
vendor:	cisco	model:	ironport encryption appliance	scope:	lt	version:	6.5.3	Trust: 0.8
vendor:	cisco	model:	ironport encryption appliance	scope:	ne	version:	6.5.3	Trust: 0.3

sources: CNVD: CNVD-2012-0630 // BID: 52030 // JVNDB: JVNDB-2012-001403 // CNNVD: CNNVD-201202-219 // NVD: CVE-2012-0340

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-0340
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-0340
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201202-219
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-53621
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-0340
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-53621
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-53621 // JVNDB: JVNDB-2012-001403 // CNNVD: CNNVD-201202-219 // NVD: CVE-2012-0340

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-53621 // JVNDB: JVNDB-2012-001403 // NVD: CVE-2012-0340

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-219

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201202-219

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001403

PATCH

title:	25045	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=25045	Trust: 0.8
title:	Patch for Cisco IronPort Encryption Appliance Cross-Site Scripting Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/10078	Trust: 0.6

sources: CNVD: CNVD-2012-0630 // JVNDB: JVNDB-2012-001403

EXTERNAL IDS

db:	NVD	id:	CVE-2012-0340	Trust: 3.4
db:	JVNDB	id:	JVNDB-2012-001403	Trust: 0.8
db:	CNNVD	id:	CNNVD-201202-219	Trust: 0.7
db:	CNVD	id:	CNVD-2012-0630	Trust: 0.6
db:	NSFOCUS	id:	18777	Trust: 0.6
db:	BID	id:	52030	Trust: 0.4
db:	VULHUB	id:	VHN-53621	Trust: 0.1

sources: CNVD: CNVD-2012-0630 // VULHUB: VHN-53621 // BID: 52030 // JVNDB: JVNDB-2012-001403 // CNNVD: CNNVD-201202-219 // NVD: CVE-2012-0340

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=25045	Trust: 2.0
url:	http://www.secureworks.com/research/advisories/swrx-2012-001/	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0340	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0340	Trust: 0.8
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=25045http	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/18777	Trust: 0.6
url:	http://www.ironport.com/products/	Trust: 0.3

sources: CNVD: CNVD-2012-0630 // VULHUB: VHN-53621 // BID: 52030 // JVNDB: JVNDB-2012-001403 // CNNVD: CNNVD-201202-219 // NVD: CVE-2012-0340

CREDITS

Cisco

Trust: 0.3

sources: BID: 52030

SOURCES

db:	CNVD	id:	CNVD-2012-0630
db:	VULHUB	id:	VHN-53621
db:	BID	id:	52030
db:	JVNDB	id:	JVNDB-2012-001403
db:	CNNVD	id:	CNNVD-201202-219
db:	NVD	id:	CVE-2012-0340

LAST UPDATE DATE

2025-04-11T23:18:58.594000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-0630	date:	2012-02-17T00:00:00
db:	VULHUB	id:	VHN-53621	date:	2013-10-03T00:00:00
db:	BID	id:	52030	date:	2012-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2012-001403	date:	2012-02-20T00:00:00
db:	CNNVD	id:	CNNVD-201202-219	date:	2012-02-16T00:00:00
db:	NVD	id:	CVE-2012-0340	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2012-0630	date:	2012-02-17T00:00:00
db:	VULHUB	id:	VHN-53621	date:	2012-02-13T00:00:00
db:	BID	id:	52030	date:	2012-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2012-001403	date:	2012-02-15T00:00:00
db:	CNNVD	id:	CNNVD-201202-219	date:	2012-02-16T00:00:00
db:	NVD	id:	CVE-2012-0340	date:	2012-02-13T22:55:01.067