Details of VAR-201502-0124

ID

VAR-201502-0124

CVE

CVE-2015-0594

TITLE

Cisco Prime LAN Management Solution and Cisco Security Manager Used in Cisco Common Services Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2015-001635

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq54654 and CSCun18263. Vendors have confirmed this vulnerability Bug ID CSCuq54654 and CSCun18263 It is released as.By any third party Web Script or HTML May be inserted. Cisco Security Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. These issues are being tracked by Cisco Bug IDs CSCuq54654 and CSCun18263. Cisco Common Services is a set of common management services used in network management equipment

Trust: 1.98

sources: NVD: CVE-2015-0594 // JVNDB: JVNDB-2015-001635 // BID: 72793 // VULHUB: VHN-78540

AFFECTED PRODUCTS

vendor:	cisco	model:	prime lan management solution	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	security manager	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	prime lan management solution	scope:	lte	version:	4.2(.3)	Trust: 0.8
vendor:	cisco	model:	security manager	scope:	lte	version:	4.6	Trust: 0.8
vendor:	cisco	model:	security manager	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	security manager sp2	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	cisco	model:	security manager sp1	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	cisco	model:	security manager sp3	scope:	eq	version:	3.3.1	Trust: 0.3
vendor:	cisco	model:	security manager sp2	scope:	eq	version:	3.3.1	Trust: 0.3
vendor:	cisco	model:	security manager sp1	scope:	eq	version:	3.3.1	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	3.3.1	Trust: 0.3
vendor:	cisco	model:	security manager sp4	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	cisco	model:	security manager sp3	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	cisco	model:	security manager sp2	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	cisco	model:	security manager sp1	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	security manager sp1	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	security manager sp2	scope:	eq	version:	3.3	Trust: 0.3
vendor:	cisco	model:	security manager sp1	scope:	eq	version:	3.3	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	3.3	Trust: 0.3
vendor:	cisco	model:	security manager sp1	scope:	eq	version:	3.2	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	3.2	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	3.0	Trust: 0.3

sources: BID: 72793 // JVNDB: JVNDB-2015-001635 // CNNVD: CNNVD-201502-459 // NVD: CVE-2015-0594

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0594
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0594
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201502-459
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78540
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0594
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78540
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78540 // JVNDB: JVNDB-2015-001635 // CNNVD: CNNVD-201502-459 // NVD: CVE-2015-0594

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-78540 // JVNDB: JVNDB-2015-001635 // NVD: CVE-2015-0594

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-459

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201502-459

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001635

PATCH

title:	Cisco Common Services Cross-Site Scripting Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0594	Trust: 0.8
title:	37634	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=37634	Trust: 0.8

sources: JVNDB: JVNDB-2015-001635

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0594	Trust: 2.8
db:	BID	id:	72793	Trust: 1.4
db:	SECTRACK	id:	1031814	Trust: 1.1
db:	SECTRACK	id:	1031813	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-001635	Trust: 0.8
db:	CNNVD	id:	CNNVD-201502-459	Trust: 0.7
db:	VULHUB	id:	VHN-78540	Trust: 0.1

sources: VULHUB: VHN-78540 // BID: 72793 // JVNDB: JVNDB-2015-001635 // CNNVD: CNNVD-201502-459 // NVD: CVE-2015-0594

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0594	Trust: 1.7
url:	http://www.securityfocus.com/bid/72793	Trust: 1.1
url:	http://www.securitytracker.com/id/1031813	Trust: 1.1
url:	http://www.securitytracker.com/id/1031814	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0594	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0594	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/ps11200/index.html	Trust: 0.3

sources: VULHUB: VHN-78540 // BID: 72793 // JVNDB: JVNDB-2015-001635 // CNNVD: CNNVD-201502-459 // NVD: CVE-2015-0594

CREDITS

Cisco

Trust: 0.3

sources: BID: 72793

SOURCES

db:	VULHUB	id:	VHN-78540
db:	BID	id:	72793
db:	JVNDB	id:	JVNDB-2015-001635
db:	CNNVD	id:	CNNVD-201502-459
db:	NVD	id:	CVE-2015-0594

LAST UPDATE DATE

2025-04-13T23:29:39+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78540	date:	2015-11-02T00:00:00
db:	BID	id:	72793	date:	2015-03-19T07:37:00
db:	JVNDB	id:	JVNDB-2015-001635	date:	2015-03-02T00:00:00
db:	CNNVD	id:	CNNVD-201502-459	date:	2015-03-02T00:00:00
db:	NVD	id:	CVE-2015-0594	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78540	date:	2015-02-27T00:00:00
db:	BID	id:	72793	date:	2015-02-26T00:00:00
db:	JVNDB	id:	JVNDB-2015-001635	date:	2015-03-02T00:00:00
db:	CNNVD	id:	CNNVD-201502-459	date:	2015-02-26T00:00:00
db:	NVD	id:	CVE-2015-0594	date:	2015-02-27T02:59:32.353