Sign-up

ID

VAR-201604-0567


CVE

CVE-2016-1375


TITLE

Cisco IP Interoperability and Collaboration System Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2016-002055

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy12339. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug IDs CSCuy12339 and CSCuy12340. The solution supports the simplification of radio dispatching operations and improves the ability to respond to accidents, emergencies, and facility incidents

Trust: 1.98

sources: NVD: CVE-2016-1375 // JVNDB: JVNDB-2016-002055 // BID: 85935 // VULHUB: VHN-90194

AFFECTED PRODUCTS

vendor:ciscomodel:ip interoperability and collaboration systemscope:eqversion:4.10

Trust: 1.6

vendor:ciscomodel:ip interoperability and collaboration systemscope:eqversion:4.10(1)

Trust: 0.8

sources: JVNDB: JVNDB-2016-002055 // CNNVD: CNNVD-201604-125 // NVD: CVE-2016-1375

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1375
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1375
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201604-125
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90194
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1375
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90194
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1375
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90194 // JVNDB: JVNDB-2016-002055 // CNNVD: CNNVD-201604-125 // NVD: CVE-2016-1375

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-90194 // JVNDB: JVNDB-2016-002055 // NVD: CVE-2016-1375

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-125

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201604-125

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-002055

PATCH
title:cisco-sa-20160407-cicurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160407-cic
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2016-002055

EXTERNAL IDS
db:NVDid:CVE-2016-1375
Trust: 2.8
db:JVNDBid:JVNDB-2016-002055
Trust: 0.8
db:CNNVDid:CNNVD-201604-125
Trust: 0.7
db:BIDid:85935
Trust: 0.4
db:VULHUBid:VHN-90194
Trust: 0.1
sources:
            
            
            VULHUB: VHN-90194 // 
            
            
            
            BID: 85935 // 
            
            
            
            JVNDB: JVNDB-2016-002055 // 
            
            
            
            CNNVD: CNNVD-201604-125 // 
            
            
            
            NVD: CVE-2016-1375

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160407-cic
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1375
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1375
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/c/en/us/products/physical-security/ip-interoperability-collaboration-system/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-90194 // 
            
            
            
            BID: 85935 // 
            
            
            
            JVNDB: JVNDB-2016-002055 // 
            
            
            
            CNNVD: CNNVD-201604-125 // 
            
            
            
            NVD: CVE-2016-1375

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 85935 // 
            
            
            
            CNNVD: CNNVD-201604-125

SOURCES
db:VULHUBid:VHN-90194
db:BIDid:85935
db:JVNDBid:JVNDB-2016-002055
db:CNNVDid:CNNVD-201604-125
db:NVDid:CVE-2016-1375

LAST UPDATE DATE
2025-04-12T22:58:14.048000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-90194date:2016-04-14T00:00:00
db:BIDid:85935date:2016-04-07T00:00:00
db:JVNDBid:JVNDB-2016-002055date:2016-04-15T00:00:00
db:CNNVDid:CNNVD-201604-125date:2016-04-08T00:00:00
db:NVDid:CVE-2016-1375date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-90194date:2016-04-08T00:00:00
db:BIDid:85935date:2016-04-07T00:00:00
db:JVNDBid:JVNDB-2016-002055date:2016-04-15T00:00:00
db:CNNVDid:CNNVD-201604-125date:2016-04-08T00:00:00
db:NVDid:CVE-2016-1375date:2016-04-08T15:59:04.247