Sign-up

ID

VAR-201508-0501


CVE

CVE-2015-4292


TITLE

Cisco Prime Central for Hosted Collaboration Solution Management interface cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-003963

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuv45818. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuv45818. The platform provides functions such as secure access authentication and real-time fault analysis

Trust: 1.98

sources: NVD: CVE-2015-4292 // JVNDB: JVNDB-2015-003963 // BID: 76124 // VULHUB: VHN-82253

AFFECTED PRODUCTS

vendor:ciscomodel:prime central for hosted collaboration solution assurancescope:eqversion:10.6\(2\)

Trust: 1.6

vendor:ciscomodel:prime central for hosted collaboration solutionscope:eqversion:(pc4hcs) 10.6(2)

Trust: 0.8

vendor:ciscomodel:prime central for hosted collaboration solutionscope:eqversion:10.6(2)

Trust: 0.3

sources: BID: 76124 // JVNDB: JVNDB-2015-003963 // CNNVD: CNNVD-201507-847 // NVD: CVE-2015-4292

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4292
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4292
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201507-847
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82253
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4292
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82253
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82253 // JVNDB: JVNDB-2015-003963 // CNNVD: CNNVD-201507-847 // NVD: CVE-2015-4292

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-82253 // JVNDB: JVNDB-2015-003963 // NVD: CVE-2015-4292

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-847

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201507-847

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003963

PATCH
title:40214url:http://tools.cisco.com/security/center/viewAlert.x?alertId=40214
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003963

EXTERNAL IDS
db:NVDid:CVE-2015-4292
Trust: 2.8
db:SECTRACKid:1033172
Trust: 1.1
db:JVNDBid:JVNDB-2015-003963
Trust: 0.8
db:CNNVDid:CNNVD-201507-847
Trust: 0.7
db:BIDid:76124
Trust: 0.4
db:VULHUBid:VHN-82253
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82253 // 
            
            
            
            BID: 76124 // 
            
            
            
            JVNDB: JVNDB-2015-003963 // 
            
            
            
            CNNVD: CNNVD-201507-847 // 
            
            
            
            NVD: CVE-2015-4292

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=40214
Trust: 2.0
url:http://www.securitytracker.com/id/1033172
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4292
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4292
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82253 // 
            
            
            
            BID: 76124 // 
            
            
            
            JVNDB: JVNDB-2015-003963 // 
            
            
            
            CNNVD: CNNVD-201507-847 // 
            
            
            
            NVD: CVE-2015-4292

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 76124

SOURCES
db:VULHUBid:VHN-82253
db:BIDid:76124
db:JVNDBid:JVNDB-2015-003963
db:CNNVDid:CNNVD-201507-847
db:NVDid:CVE-2015-4292

LAST UPDATE DATE
2025-04-13T23:31:33.843000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82253date:2015-08-21T00:00:00
db:BIDid:76124date:2015-07-30T00:00:00
db:JVNDBid:JVNDB-2015-003963date:2015-08-04T00:00:00
db:CNNVDid:CNNVD-201507-847date:2015-08-03T00:00:00
db:NVDid:CVE-2015-4292date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-82253date:2015-08-01T00:00:00
db:BIDid:76124date:2015-07-30T00:00:00
db:JVNDBid:JVNDB-2015-003963date:2015-08-04T00:00:00
db:CNNVDid:CNNVD-201507-847date:2015-07-31T00:00:00
db:NVDid:CVE-2015-4292date:2015-08-01T01:59:16.957