ID

VAR-201607-0430


CVE

CVE-2016-1449


TITLE

Cisco WebEx Meetings Server Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2016-003781

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy92711. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuy92711. Cisco WebEx Meetings Server (CWMS) is a multi-functional conferencing product, covering audio, video and web conferencing, within Cisco's WebEx conferencing solution.

Trust: 1.98

sources: NVD: CVE-2016-1449 // JVNDB: JVNDB-2016-003781 // BID: 91780 // VULHUB: VHN-90268

AFFECTED PRODUCTS

vendor: cisco, model: webex meetings server, scope: eq, version: 2.6.0

Trust: 1.6

vendor: cisco, model: webex meetings server, scope: eq, version: 2.6.1.39

Trust: 1.6

vendor: cisco, model: webex meetings server, scope: eq, version: 2.6

Trust: 1.1

sources: BID: 91780 // JVNDB: JVNDB-2016-003781 // NVD: CVE-2016-1449 // CNNVD: CNNVD-201607-430

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-1449
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-201607-430
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90268
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2016-1449
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-90268
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

NVD: CVE-2016-1449
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-90268 // JVNDB: JVNDB-2016-003781 // NVD: CVE-2016-1449 // CNNVD: CNNVD-201607-430

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-90268 // JVNDB: JVNDB-2016-003781 // NVD: CVE-2016-1449

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-430

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201607-430

CONFIGURATIONS

sources: NVD: CVE-2016-1449

PATCH

title: cisco-sa-20160714-wms3, url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160714-wms3

Trust: 0.8

title: Cisco WebEx Meetings Server Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62972

Trust: 0.6

sources: JVNDB: JVNDB-2016-003781 // CNNVD: CNNVD-201607-430

EXTERNAL IDS

db: NVD, id: CVE-2016-1449

Trust: 2.8

db: BID, id: 91780

Trust: 1.4

db: SECTRACK, id: 1036313

Trust: 1.1

db: JVNDB, id: JVNDB-2016-003781

Trust: 0.8

db: CNNVD, id: CNNVD-201607-430

Trust: 0.7

db: VULHUB, id: VHN-90268

Trust: 0.1

sources: VULHUB: VHN-90268 // BID: 91780 // JVNDB: JVNDB-2016-003781 // NVD: CVE-2016-1449 // CNNVD: CNNVD-201607-430

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160714-wms3

Trust: 2.0

url: http://www.securityfocus.com/bid/91780

Trust: 1.1

url: http://www.securitytracker.com/id/1036313

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1449

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1449

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

url: http://www.cisco.com/en/us/products/ps12732/index.html

Trust: 0.3

sources: VULHUB: VHN-90268 // BID: 91780 // JVNDB: JVNDB-2016-003781 // NVD: CVE-2016-1449 // CNNVD: CNNVD-201607-430

CREDITS

Cisco

Trust: 0.3

sources: BID: 91780

SOURCES

db: VULHUB, id: VHN-90268
db: BID, id: 91780
db: JVNDB, id: JVNDB-2016-003781
db: NVD, id: CVE-2016-1449
db: CNNVD, id: CNNVD-201607-430

LAST UPDATE DATE

2023-12-18T12:37:46.840000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90268, date: 2017-09-01T00:00:00
db: BID, id: 91780, date: 2016-07-14T00:00:00
db: JVNDB, id: JVNDB-2016-003781, date: 2016-07-21T00:00:00
db: NVD, id: CVE-2016-1449, date: 2017-09-01T01:29:03.977
db: CNNVD, id: CNNVD-201607-430, date: 2016-07-18T00:00:00

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90268, date: 2016-07-15T00:00:00
db: BID, id: 91780, date: 2016-07-14T00:00:00
db: JVNDB, id: JVNDB-2016-003781, date: 2016-07-21T00:00:00
db: NVD, id: CVE-2016-1449, date: 2016-07-15T16:59:03.143
db: CNNVD, id: CNNVD-201607-430, date: 2016-07-18T00:00:00