Sign-up

ID

VAR-201503-0160


CVE

CVE-2015-0656


TITLE

Cisco Network Analysis Module Login page cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-001655

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCum81269. Vendors have confirmed this vulnerability Bug ID CSCum81269 It is released as.By any third party Web Script or HTML May be inserted. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCum81269

Trust: 1.98

sources: NVD: CVE-2015-0656 // JVNDB: JVNDB-2015-001655 // BID: 72873 // VULHUB: VHN-78602

AFFECTED PRODUCTS

vendor:ciscomodel:network analysis modulescope:eqversion:6.0\(2\)

Trust: 1.6

vendor:ciscomodel:network analysis modulescope: - version: -

Trust: 0.8

vendor:ciscomodel:network analysis module softwarescope:ltversion:6.1.1

Trust: 0.8

vendor:ciscomodel:network analysis modulescope:eqversion:0

Trust: 0.3

sources: BID: 72873 // JVNDB: JVNDB-2015-001655 // CNNVD: CNNVD-201503-061 // NVD: CVE-2015-0656

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0656
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0656
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201503-061
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78602
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0656
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78602
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78602 // JVNDB: JVNDB-2015-001655 // CNNVD: CNNVD-201503-061 // NVD: CVE-2015-0656

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-78602 // JVNDB: JVNDB-2015-001655 // NVD: CVE-2015-0656

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-061

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201503-061

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001655

PATCH
title:Cisco Network Analysis Module Cross-Site Scripting Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0656
Trust: 0.8
title:37710url:http://tools.cisco.com/security/center/viewAlert.x?alertId=37710
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-001655

EXTERNAL IDS
db:NVDid:CVE-2015-0656
Trust: 2.8
db:SECTRACKid:1031827
Trust: 1.1
db:JVNDBid:JVNDB-2015-001655
Trust: 0.8
db:CNNVDid:CNNVD-201503-061
Trust: 0.7
db:BIDid:72873
Trust: 0.4
db:VULHUBid:VHN-78602
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78602 // 
            
            
            
            BID: 72873 // 
            
            
            
            JVNDB: JVNDB-2015-001655 // 
            
            
            
            CNNVD: CNNVD-201503-061 // 
            
            
            
            NVD: CVE-2015-0656

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0656
Trust: 2.0
url:http://www.securitytracker.com/id/1031827
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0656
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0656
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/c/en/us/products/cloud-systems-management/network-analysis-module-nam/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78602 // 
            
            
            
            BID: 72873 // 
            
            
            
            JVNDB: JVNDB-2015-001655 // 
            
            
            
            CNNVD: CNNVD-201503-061 // 
            
            
            
            NVD: CVE-2015-0656

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 72873

SOURCES
db:VULHUBid:VHN-78602
db:BIDid:72873
db:JVNDBid:JVNDB-2015-001655
db:CNNVDid:CNNVD-201503-061
db:NVDid:CVE-2015-0656

LAST UPDATE DATE
2025-04-13T23:21:18.252000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78602date:2015-11-02T00:00:00
db:BIDid:72873date:2015-03-03T00:00:00
db:JVNDBid:JVNDB-2015-001655date:2015-03-05T00:00:00
db:CNNVDid:CNNVD-201503-061date:2015-03-04T00:00:00
db:NVDid:CVE-2015-0656date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-78602date:2015-03-04T00:00:00
db:BIDid:72873date:2015-03-03T00:00:00
db:JVNDBid:JVNDB-2015-001655date:2015-03-05T00:00:00
db:CNNVDid:CNNVD-201503-061date:2015-03-04T00:00:00
db:NVDid:CVE-2015-0656date:2015-03-04T02:59:00.053