ID

VAR-201605-0409


CVE

CVE-2016-1401


TITLE

Cisco Unified Computing System Central Cross-site scripting vulnerability in software management interface

Trust: 0.8

sources: JVNDB: JVNDB-2016-002926

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuy91250. The software provides policy-based automated servers to improve IT productivity and centralized fault overview to quickly resolve issues, among other features.

Trust: 1.98

sources: NVD: CVE-2016-1401 // JVNDB: JVNDB-2016-002926 // BID: 90723 // VULHUB: VHN-90220

AFFECTED PRODUCTS

vendor: cisco // model: unified computing system central software // scope: eq // version: 1.4\(1a\)

Trust: 1.6

vendor: cisco // model: unified computing system central software // scope: eq // version: 1.4(1a)

Trust: 0.8

sources: JVNDB: JVNDB-2016-002926 // CNNVD: CNNVD-201605-436 // NVD: CVE-2016-1401

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1401
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1401
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201605-436
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90220
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1401
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90220
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1401
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90220 // JVNDB: JVNDB-2016-002926 // CNNVD: CNNVD-201605-436 // NVD: CVE-2016-1401

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-90220 // JVNDB: JVNDB-2016-002926 // NVD: CVE-2016-1401

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-436

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201605-436

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002926

PATCH

title: cisco-sa-20160517-ucs // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ucs

Trust: 0.8

title: Cisco Unified Computing System Central Fixes for cross-site scripting vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61750

Trust: 0.6

sources: JVNDB: JVNDB-2016-002926 // CNNVD: CNNVD-201605-436

EXTERNAL IDS

db: NVD // id: CVE-2016-1401

Trust: 2.8

db: SECTRACK // id: 1035933

Trust: 1.1

db: JVNDB // id: JVNDB-2016-002926

Trust: 0.8

db: CNNVD // id: CNNVD-201605-436

Trust: 0.7

db: BID // id: 90723

Trust: 0.4

db: VULHUB // id: VHN-90220

Trust: 0.1

sources: VULHUB: VHN-90220 // BID: 90723 // JVNDB: JVNDB-2016-002926 // CNNVD: CNNVD-201605-436 // NVD: CVE-2016-1401

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160517-ucs

Trust: 1.1

url:http://www.securitytracker.com/id/1035933

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1401

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1401

Trust: 0.8

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160517-ucs/

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-90220 // BID: 90723 // JVNDB: JVNDB-2016-002926 // CNNVD: CNNVD-201605-436 // NVD: CVE-2016-1401

CREDITS

Cisco

Trust: 0.3

sources: BID: 90723

SOURCES

db: VULHUB // id: VHN-90220
db: BID // id: 90723
db: JVNDB // id: JVNDB-2016-002926
db: CNNVD // id: CNNVD-201605-436
db: NVD // id: CVE-2016-1401

LAST UPDATE DATE

2025-04-12T23:31:19.300000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-90220 // date: 2016-12-01T00:00:00
db: BID // id: 90723 // date: 2016-05-17T00:00:00
db: JVNDB // id: JVNDB-2016-002926 // date: 2016-05-27T00:00:00
db: CNNVD // id: CNNVD-201605-436 // date: 2016-05-18T00:00:00
db: NVD // id: CVE-2016-1401 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB // id: VHN-90220 // date: 2016-05-21T00:00:00
db: BID // id: 90723 // date: 2016-05-17T00:00:00
db: JVNDB // id: JVNDB-2016-002926 // date: 2016-05-27T00:00:00
db: CNNVD // id: CNNVD-201605-436 // date: 2016-05-18T00:00:00
db: NVD // id: CVE-2016-1401 // date: 2016-05-21T01:59:00.113