ID

VAR-201607-0428


CVE

CVE-2016-1447


TITLE

Cisco WebEx Meetings Server Management interface cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-003779

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuy83194. The vendor has confirmed this vulnerability and released it as Bug ID CSCuy83194. A third party may be able to insert arbitrary web script or HTML. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuy83194. Cisco WebEx Meetings Server (CWMS) is a multi-functional conferencing product, covering audio, video and web conferencing, within Cisco's WebEx conferencing solution.

Trust: 1.98

sources: NVD: CVE-2016-1447 // JVNDB: JVNDB-2016-003779 // BID: 91781 // VULHUB: VHN-90266

AFFECTED PRODUCTS

vendor: cisco, model: webex meetings server, scope: eq, version: 2.6.0

Trust: 1.6

vendor: cisco, model: webex meetings server, scope: eq, version: 2.6.1.39

Trust: 1.6

vendor: cisco, model: webex meetings server, scope: eq, version: 2.6

Trust: 1.1

sources: BID: 91781 // JVNDB: JVNDB-2016-003779 // NVD: CVE-2016-1447 // CNNVD: CNNVD-201607-429

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-1447
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-201607-429
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90266
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2016-1447
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-90266
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

NVD: CVE-2016-1447
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-90266 // JVNDB: JVNDB-2016-003779 // NVD: CVE-2016-1447 // CNNVD: CNNVD-201607-429

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-90266 // JVNDB: JVNDB-2016-003779 // NVD: CVE-2016-1447

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-429

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201607-429

CONFIGURATIONS

sources: NVD: CVE-2016-1447

PATCH

title: cisco-sa-20160714-wms1
url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160714-wms1

Trust: 0.8

title: Cisco WebEx Meetings Server Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62971

Trust: 0.6

sources: JVNDB: JVNDB-2016-003779 // CNNVD: CNNVD-201607-429

EXTERNAL IDS

db: NVD, id: CVE-2016-1447

Trust: 2.8

db: BID, id: 91781

Trust: 1.4

db: SECTRACK, id: 1036314

Trust: 1.1

db: JVNDB, id: JVNDB-2016-003779

Trust: 0.8

db: CNNVD, id: CNNVD-201607-429

Trust: 0.7

db: VULHUB, id: VHN-90266

Trust: 0.1

sources: VULHUB: VHN-90266 // BID: 91781 // JVNDB: JVNDB-2016-003779 // NVD: CVE-2016-1447 // CNNVD: CNNVD-201607-429

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160714-wms1

Trust: 1.7

url:http://www.securityfocus.com/bid/91781

Trust: 1.1

url:http://www.securitytracker.com/id/1036314

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1447

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1447

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://www.cisco.com/en/us/products/ps12732/index.html

Trust: 0.3

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160714-wms1

Trust: 0.3

sources: VULHUB: VHN-90266 // BID: 91781 // JVNDB: JVNDB-2016-003779 // NVD: CVE-2016-1447 // CNNVD: CNNVD-201607-429

CREDITS

Cisco

Trust: 0.3

sources: BID: 91781

SOURCES

db: VULHUB, id: VHN-90266
db: BID, id: 91781
db: JVNDB, id: JVNDB-2016-003779
db: NVD, id: CVE-2016-1447
db: CNNVD, id: CNNVD-201607-429

LAST UPDATE DATE

2023-12-18T12:05:47.502000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90266, date: 2017-09-01T00:00:00
db: BID, id: 91781, date: 2016-07-14T00:00:00
db: JVNDB, id: JVNDB-2016-003779, date: 2016-07-21T00:00:00
db: NVD, id: CVE-2016-1447, date: 2017-09-01T01:29:03.867
db: CNNVD, id: CNNVD-201607-429, date: 2016-07-18T00:00:00

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90266, date: 2016-07-15T00:00:00
db: BID, id: 91781, date: 2016-07-14T00:00:00
db: JVNDB, id: JVNDB-2016-003779, date: 2016-07-21T00:00:00
db: NVD, id: CVE-2016-1447, date: 2016-07-15T16:59:02.157
db: CNNVD, id: CNNVD-201607-429, date: 2016-07-18T00:00:00