Details of VAR-201607-0432

ID

VAR-201607-0432

CVE

CVE-2016-1451

TITLE

Cisco Meeting Server of Web -Based scripting interface cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-003783

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva19922. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. The issue is being tracked by Cisco Bug ID CSCva19922. Cisco Meeting Server 1.7 through 1.9 are vulnerable

Trust: 1.98

sources: NVD: CVE-2016-1451 // JVNDB: JVNDB-2016-003783 // BID: 91784 // VULHUB: VHN-90270

AFFECTED PRODUCTS

vendor:	cisco	model:	meeting server	scope:	eq	version:	1.7_base	Trust: 1.6
vendor:	cisco	model:	meeting server	scope:	eq	version:	1.9_base	Trust: 1.6
vendor:	cisco	model:	meeting server	scope:	eq	version:	1.8_base	Trust: 1.6
vendor:	cisco	model:	meeting server	scope:	eq	version:	1.7 to 1.9	Trust: 0.8
vendor:	cisco	model:	meetings server	scope:	eq	version:	1.9	Trust: 0.3
vendor:	cisco	model:	meetings server	scope:	eq	version:	1.8	Trust: 0.3
vendor:	cisco	model:	meetings server	scope:	eq	version:	1.7	Trust: 0.3
vendor:	cisco	model:	meetings server	scope:	ne	version:	1.9.2	Trust: 0.3
vendor:	cisco	model:	meetings server	scope:	ne	version:	1.8.15	Trust: 0.3
vendor:	cisco	model:	meetings server	scope:	ne	version:	1.7.24	Trust: 0.3

sources: BID: 91784 // JVNDB: JVNDB-2016-003783 // CNNVD: CNNVD-201607-432 // NVD: CVE-2016-1451

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1451
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-1451
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201607-432
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-90270
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1451
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90270
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1451
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-90270 // JVNDB: JVNDB-2016-003783 // CNNVD: CNNVD-201607-432 // NVD: CVE-2016-1451

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-90270 // JVNDB: JVNDB-2016-003783 // NVD: CVE-2016-1451

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-432

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201607-432

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-003783

PATCH

title:	cisco-sa-20160714-ms	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-ms	Trust: 0.8
title:	Cisco Meeting Server Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62974	Trust: 0.6

sources: JVNDB: JVNDB-2016-003783 // CNNVD: CNNVD-201607-432

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1451	Trust: 2.8
db:	JVNDB	id:	JVNDB-2016-003783	Trust: 0.8
db:	CNNVD	id:	CNNVD-201607-432	Trust: 0.7
db:	BID	id:	91784	Trust: 0.4
db:	VULHUB	id:	VHN-90270	Trust: 0.1

sources: VULHUB: VHN-90270 // BID: 91784 // JVNDB: JVNDB-2016-003783 // CNNVD: CNNVD-201607-432 // NVD: CVE-2016-1451

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160714-ms	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1451	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1451	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-90270 // BID: 91784 // JVNDB: JVNDB-2016-003783 // CNNVD: CNNVD-201607-432 // NVD: CVE-2016-1451

CREDITS

Cisco

Trust: 0.3

sources: BID: 91784

SOURCES

db:	VULHUB	id:	VHN-90270
db:	BID	id:	91784
db:	JVNDB	id:	JVNDB-2016-003783
db:	CNNVD	id:	CNNVD-201607-432
db:	NVD	id:	CVE-2016-1451

LAST UPDATE DATE

2025-04-13T23:02:53.337000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90270	date:	2016-07-18T00:00:00
db:	BID	id:	91784	date:	2016-08-08T12:00:00
db:	JVNDB	id:	JVNDB-2016-003783	date:	2016-07-21T00:00:00
db:	CNNVD	id:	CNNVD-201607-432	date:	2016-07-18T00:00:00
db:	NVD	id:	CVE-2016-1451	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90270	date:	2016-07-15T00:00:00
db:	BID	id:	91784	date:	2016-07-14T00:00:00
db:	JVNDB	id:	JVNDB-2016-003783	date:	2016-07-21T00:00:00
db:	CNNVD	id:	CNNVD-201607-432	date:	2016-07-18T00:00:00
db:	NVD	id:	CVE-2016-1451	date:	2016-07-15T16:59:05.207