ID

VAR-201608-0223


CVE

CVE-2016-6359


TITLE

Cross-site scripting vulnerability in Cisco Transport Gateway Installation Software running on Smart Call Home Transport Gateway devices

Trust: 0.8

sources: JVNDB: JVNDB-2016-004432

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) on Smart Call Home Transport Gateway devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug IDs CSCva40650 and CSCva40817. The vendor has confirmed this vulnerability and released it as Bug IDs CSCva40650 and CSCva40817. A third party may inject arbitrary web script or HTML via a crafted value. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. This issue is being tracked by Cisco Bug IDs CSCva40650 and CSCva40817.

Trust: 1.98

sources: NVD: CVE-2016-6359 // JVNDB: JVNDB-2016-004432 // BID: 92516 // VULHUB: VHN-95179

IOT TAXONOMY

category: ['network device'], sub_category: gateway

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: cisco, model: transport gateway installation software, scope: eq, version: 4.1(4.0)

Trust: 1.6

vendor: cisco, model: transport gateway for smart call home, scope: eq, version: 4.1(4.0)

Trust: 0.8

vendor: cisco, model: smart call home transport gateway, scope: eq, version: 4.1(4.0)

Trust: 0.3

sources: BID: 92516 // JVNDB: JVNDB-2016-004432 // CNNVD: CNNVD-201608-016 // NVD: CVE-2016-6359

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6359
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-6359
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201608-016
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95179
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-6359
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-95179
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6359
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95179 // JVNDB: JVNDB-2016-004432 // CNNVD: CNNVD-201608-016 // NVD: CVE-2016-6359

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-95179 // JVNDB: JVNDB-2016-004432 // NVD: CVE-2016-6359

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-016

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201608-016

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004432

PATCH

title: cisco-sa-20160817-sch, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-sch

Trust: 0.8

sources: JVNDB: JVNDB-2016-004432

EXTERNAL IDS

db: NVD, id: CVE-2016-6359

Trust: 2.9

db: BID, id: 92516

Trust: 1.4

db: JVNDB, id: JVNDB-2016-004432

Trust: 0.8

db: CNNVD, id: CNNVD-201608-016

Trust: 0.7

db: NSFOCUS, id: 34599

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

db: VULHUB, id: VHN-95179

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-95179 // BID: 92516 // JVNDB: JVNDB-2016-004432 // CNNVD: CNNVD-201608-016 // NVD: CVE-2016-6359

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160817-sch

Trust: 2.0

url:http://www.securityfocus.com/bid/92516

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6359

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6359

Trust: 0.8

url:http://www.nsfocus.net/vulndb/34599

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-95179 // BID: 92516 // JVNDB: JVNDB-2016-004432 // CNNVD: CNNVD-201608-016 // NVD: CVE-2016-6359

CREDITS

Cisco

Trust: 0.3

sources: BID: 92516

SOURCES

db: OTHER, id: -
db: VULHUB, id: VHN-95179
db: BID, id: 92516
db: JVNDB, id: JVNDB-2016-004432
db: CNNVD, id: CNNVD-201608-016
db: NVD, id: CVE-2016-6359

LAST UPDATE DATE

2025-04-13T20:47:07.867000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-95179, date: 2016-11-28T00:00:00
db: BID, id: 92516, date: 2016-08-17T00:00:00
db: JVNDB, id: JVNDB-2016-004432, date: 2016-08-23T00:00:00
db: CNNVD, id: CNNVD-201608-016, date: 2016-08-23T00:00:00
db: NVD, id: CVE-2016-6359, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-95179, date: 2016-08-22T00:00:00
db: BID, id: 92516, date: 2016-08-17T00:00:00
db: JVNDB, id: JVNDB-2016-004432, date: 2016-08-23T00:00:00
db: CNNVD, id: CNNVD-201608-016, date: 2016-08-18T00:00:00
db: NVD, id: CVE-2016-6359, date: 2016-08-22T10:59:09.043