ID

VAR-201610-0269


CVE

CVE-2016-6418


TITLE

Cross-site scripting vulnerability in Cisco Videoscape Distribution Suite Service Manager

Trust: 0.8

sources: JVNDB: JVNDB-2016-005160

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.0 through 3.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCva14552. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCva14552. The tool provides real-time configuration, management, analysis and monitoring functions.

Trust: 1.98

sources: NVD: CVE-2016-6418 // JVNDB: JVNDB-2016-005160 // BID: 93207 // VULHUB: VHN-95238

AFFECTED PRODUCTS

vendor: cisco // model: videoscape distribution suite service manager // scope: eq // version: 3.4.0

Trust: 1.6

vendor: cisco // model: videoscape distribution suite service manager // scope: eq // version: 3.3.0

Trust: 1.6

vendor: cisco // model: videoscape distribution suite service manager // scope: eq // version: 3.2.0

Trust: 1.6

vendor: cisco // model: videoscape distribution suite service manager // scope: eq // version: 3.0.0

Trust: 1.6

vendor: cisco // model: videoscape distribution suite service manager // scope: eq // version: 3.1.0

Trust: 1.6

vendor: cisco // model: videoscape distribution suite service manager // scope: eq // version: 3.4.0 for up to 3.0

Trust: 0.8

vendor: cisco // model: videoscape distribution suite service manager // scope: eq // version: 3.0_base

Trust: 0.6

vendor: cisco // model: videoscape distribution suite service manager // scope: eq // version: 3.1_base

Trust: 0.6

vendor: cisco // model: videoscape distribution suite service manager // scope: eq // version: 3.3_base

Trust: 0.6

vendor: cisco // model: videoscape distribution suite service manager // scope: eq // version: 3.4_base

Trust: 0.6

vendor: cisco // model: videoscape distribution suite service manager // scope: eq // version: 0

Trust: 0.3

sources: BID: 93207 // JVNDB: JVNDB-2016-005160 // CNNVD: CNNVD-201609-634 // NVD: CVE-2016-6418

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6418
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-6418
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201609-634
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95238
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-6418
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-95238
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6418
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2016-6418
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-95238 // JVNDB: JVNDB-2016-005160 // CNNVD: CNNVD-201609-634 // NVD: CVE-2016-6418

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-95238 // JVNDB: JVNDB-2016-005160 // NVD: CVE-2016-6418

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-634

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201609-634

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005160

PATCH

title: cisco-sa-20160928-vds // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-vds

Trust: 0.8

sources: JVNDB: JVNDB-2016-005160

EXTERNAL IDS

db: NVD // id: CVE-2016-6418

Trust: 2.8

db: BID // id: 93207

Trust: 2.0

db: JVNDB // id: JVNDB-2016-005160

Trust: 0.8

db: CNNVD // id: CNNVD-201609-634

Trust: 0.7

db: VULHUB // id: VHN-95238

Trust: 0.1

sources: VULHUB: VHN-95238 // BID: 93207 // JVNDB: JVNDB-2016-005160 // CNNVD: CNNVD-201609-634 // NVD: CVE-2016-6418

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160928-vds

Trust: 2.0

url:http://www.securityfocus.com/bid/93207

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6418

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6418

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-95238 // BID: 93207 // JVNDB: JVNDB-2016-005160 // CNNVD: CNNVD-201609-634 // NVD: CVE-2016-6418

CREDITS

Cisco.

Trust: 0.9

sources: BID: 93207 // CNNVD: CNNVD-201609-634

SOURCES

db: VULHUB // id: VHN-95238
db: BID // id: 93207
db: JVNDB // id: JVNDB-2016-005160
db: CNNVD // id: CNNVD-201609-634
db: NVD // id: CVE-2016-6418

LAST UPDATE DATE

2025-04-13T23:17:50.898000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-95238 // date: 2021-01-05T00:00:00
db: BID // id: 93207 // date: 2016-10-03T05:00:00
db: JVNDB // id: JVNDB-2016-005160 // date: 2016-10-13T00:00:00
db: CNNVD // id: CNNVD-201609-634 // date: 2016-10-11T00:00:00
db: NVD // id: CVE-2016-6418 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB // id: VHN-95238 // date: 2016-10-05T00:00:00
db: BID // id: 93207 // date: 2016-09-28T00:00:00
db: JVNDB // id: JVNDB-2016-005160 // date: 2016-10-13T00:00:00
db: CNNVD // id: CNNVD-201609-634 // date: 2016-09-29T00:00:00
db: NVD // id: CVE-2016-6418 // date: 2016-10-05T17:59:07.757