Details of VAR-201603-0283

ID

VAR-201603-0283

CVE

CVE-2016-1354

TITLE

Cisco Unified Communications Domain Manager Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2016-001587

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCud41176. This component features scalable, distributed, and highly available enterprise Voice over IP call processing

Trust: 1.71

sources: NVD: CVE-2016-1354 // JVNDB: JVNDB-2016-001587 // VULHUB: VHN-90173

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.0	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.0.2	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.0.1	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.1.1	Trust: 0.8
vendor:	cisco	model:	unified communications domain manager	scope:	lt	version:	8.x	Trust: 0.8

sources: JVNDB: JVNDB-2016-001587 // CNNVD: CNNVD-201603-015 // NVD: CVE-2016-1354

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1354
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-1354
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201603-015
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-90173
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1354
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90173
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1354
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-90173 // JVNDB: JVNDB-2016-001587 // CNNVD: CNNVD-201603-015 // NVD: CVE-2016-1354

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-90173 // JVNDB: JVNDB-2016-001587 // NVD: CVE-2016-1354

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201603-015

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201603-015

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001587

PATCH

title:	cisco-sa-20160302-cucdm	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-cucdm	Trust: 0.8
title:	Cisco Unified Communications Domain Manager Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60379	Trust: 0.6

sources: JVNDB: JVNDB-2016-001587 // CNNVD: CNNVD-201603-015

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1354	Trust: 2.5
db:	JVNDB	id:	JVNDB-2016-001587	Trust: 0.8
db:	CNNVD	id:	CNNVD-201603-015	Trust: 0.6
db:	BID	id:	84128	Trust: 0.1
db:	VULHUB	id:	VHN-90173	Trust: 0.1

sources: VULHUB: VHN-90173 // JVNDB: JVNDB-2016-001587 // CNNVD: CNNVD-201603-015 // NVD: CVE-2016-1354

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160302-cucdm	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1354	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1354	Trust: 0.8

sources: VULHUB: VHN-90173 // JVNDB: JVNDB-2016-001587 // CNNVD: CNNVD-201603-015 // NVD: CVE-2016-1354

SOURCES

db:	VULHUB	id:	VHN-90173
db:	JVNDB	id:	JVNDB-2016-001587
db:	CNNVD	id:	CNNVD-201603-015
db:	NVD	id:	CVE-2016-1354

LAST UPDATE DATE

2025-04-13T23:25:10.443000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90173	date:	2016-03-04T00:00:00
db:	JVNDB	id:	JVNDB-2016-001587	date:	2016-03-07T00:00:00
db:	CNNVD	id:	CNNVD-201603-015	date:	2016-03-04T00:00:00
db:	NVD	id:	CVE-2016-1354	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90173	date:	2016-03-03T00:00:00
db:	JVNDB	id:	JVNDB-2016-001587	date:	2016-03-07T00:00:00
db:	CNNVD	id:	CNNVD-201603-015	date:	2016-03-03T00:00:00
db:	NVD	id:	CVE-2016-1354	date:	2016-03-03T15:59:00.117