ID

VAR-201601-0006


CVE

CVE-2015-6337


TITLE

Cisco Application Policy Infrastructure Controller Enterprise Module cross-site scripting vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2015-006849 // CNNVD: CNNVD-201601-630

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a crafted hostname in an SNMP response, aka Bug ID CSCuw47238. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuw47238.

Trust: 1.98

sources: NVD: CVE-2015-6337 // JVNDB: JVNDB-2015-006849 // BID: 81799 // VULHUB: VHN-84298

AFFECTED PRODUCTS

vendor: cisco, model: application policy infrastructure controller enterprise module, scope: eq, version: 1.0.10

Trust: 2.7

vendor: cisco, model: application policy infrastructure controller enterprise module, scope: eq, version: 1.0_ga

Trust: 1.6

sources: BID: 81799 // JVNDB: JVNDB-2015-006849 // CNNVD: CNNVD-201601-630 // NVD: CVE-2015-6337

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6337
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6337
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201601-630
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84298
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6337
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84298
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-6337
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-84298 // JVNDB: JVNDB-2015-006849 // CNNVD: CNNVD-201601-630 // NVD: CVE-2015-6337

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-84298 // JVNDB: JVNDB-2015-006849 // NVD: CVE-2015-6337

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-630

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201601-630

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006849

PATCH

title: cisco-sa-20160125-api, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160125-api

Trust: 0.8

sources: JVNDB: JVNDB-2015-006849

EXTERNAL IDS

db: NVD, id: CVE-2015-6337

Trust: 2.8

db: SECTRACK, id: 1034827

Trust: 1.1

db: JVNDB, id: JVNDB-2015-006849

Trust: 0.8

db: CNNVD, id: CNNVD-201601-630

Trust: 0.7

db: BID, id: 81799

Trust: 0.4

db: VULHUB, id: VHN-84298

Trust: 0.1

sources: VULHUB: VHN-84298 // BID: 81799 // JVNDB: JVNDB-2015-006849 // CNNVD: CNNVD-201601-630 // NVD: CVE-2015-6337

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160125-api

Trust: 2.0

url: http://www.securitytracker.com/id/1034827

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6337

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6337

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-84298 // BID: 81799 // JVNDB: JVNDB-2015-006849 // CNNVD: CNNVD-201601-630 // NVD: CVE-2015-6337

CREDITS

Cisco

Trust: 0.3

sources: BID: 81799

SOURCES

db: VULHUB, id: VHN-84298
db: BID, id: 81799
db: JVNDB, id: JVNDB-2015-006849
db: CNNVD, id: CNNVD-201601-630
db: NVD, id: CVE-2015-6337

LAST UPDATE DATE

2025-04-13T23:23:42.150000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-84298, date: 2016-12-07T00:00:00
db: BID, id: 81799, date: 2016-01-25T00:00:00
db: JVNDB, id: JVNDB-2015-006849, date: 2016-01-27T00:00:00
db: CNNVD, id: CNNVD-201601-630, date: 2016-01-27T00:00:00
db: NVD, id: CVE-2015-6337, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-84298, date: 2016-01-26T00:00:00
db: BID, id: 81799, date: 2016-01-25T00:00:00
db: JVNDB, id: JVNDB-2015-006849, date: 2016-01-27T00:00:00
db: CNNVD, id: CNNVD-201601-630, date: 2016-01-27T00:00:00
db: NVD, id: CVE-2015-6337, date: 2016-01-26T05:59:00.083