Details of VAR-201611-0156

ID

VAR-201611-0156

CVE

CVE-2016-6429

TITLE

Cisco IP Interoperability and Collaboration System of Web Cross-site scripting vulnerability in framework code

Trust: 0.8

sources: JVNDB: JVNDB-2016-005728

DESCRIPTION

A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. More Information: CSCva47092. Known Affected Releases: 4.10(1). Vendors have confirmed this vulnerability Bug ID CSCva47092 It is released as.A third party may perform a cross-site scripting attack. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug IDs CSCva47092. The solution supports the simplification of radio dispatching operations and improves the ability to respond to accidents, emergencies, and facility incidents

Trust: 1.98

sources: NVD: CVE-2016-6429 // JVNDB: JVNDB-2016-005728 // BID: 93915 // VULHUB: VHN-95249

AFFECTED PRODUCTS

vendor:	cisco	model:	ip interoperability and collaboration system	scope:	eq	version:	4.10\(1\)	Trust: 1.6
vendor:	cisco	model:	ip interoperability and collaboration system	scope:	eq	version:	4.10(1)	Trust: 0.8
vendor:	cisco	model:	ip interoperability and collaboration system	scope:	eq	version:	0	Trust: 0.3

sources: BID: 93915 // JVNDB: JVNDB-2016-005728 // CNNVD: CNNVD-201610-768 // NVD: CVE-2016-6429

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-6429
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-6429
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201610-768
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-95249
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-6429
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-95249
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-6429
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-95249 // JVNDB: JVNDB-2016-005728 // CNNVD: CNNVD-201610-768 // NVD: CVE-2016-6429

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-95249 // JVNDB: JVNDB-2016-005728 // NVD: CVE-2016-6429

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-768

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201610-768

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005728

PATCH

title:	cisco-sa-20161026-ipics1	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics1	Trust: 0.8
title:	Cisco IP Interoperability and Collaboration System Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65121	Trust: 0.6

sources: JVNDB: JVNDB-2016-005728 // CNNVD: CNNVD-201610-768

EXTERNAL IDS

db:	NVD	id:	CVE-2016-6429	Trust: 2.8
db:	BID	id:	93915	Trust: 2.0
db:	JVNDB	id:	JVNDB-2016-005728	Trust: 0.8
db:	CNNVD	id:	CNNVD-201610-768	Trust: 0.7
db:	VULHUB	id:	VHN-95249	Trust: 0.1

sources: VULHUB: VHN-95249 // BID: 93915 // JVNDB: JVNDB-2016-005728 // CNNVD: CNNVD-201610-768 // NVD: CVE-2016-6429

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161026-ipics1	Trust: 2.0
url:	http://www.securityfocus.com/bid/93915	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6429	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6429	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/c/en/us/products/physical-security/ip-interoperability-collaboration-system/index.html	Trust: 0.3

sources: VULHUB: VHN-95249 // BID: 93915 // JVNDB: JVNDB-2016-005728 // CNNVD: CNNVD-201610-768 // NVD: CVE-2016-6429

CREDITS

Cisco

Trust: 0.9

sources: BID: 93915 // CNNVD: CNNVD-201610-768

SOURCES

db:	VULHUB	id:	VHN-95249
db:	BID	id:	93915
db:	JVNDB	id:	JVNDB-2016-005728
db:	CNNVD	id:	CNNVD-201610-768
db:	NVD	id:	CVE-2016-6429

LAST UPDATE DATE

2025-04-12T23:33:54.909000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-95249	date:	2016-11-28T00:00:00
db:	BID	id:	93915	date:	2016-11-24T01:04:00
db:	JVNDB	id:	JVNDB-2016-005728	date:	2016-11-08T00:00:00
db:	CNNVD	id:	CNNVD-201610-768	date:	2016-11-04T00:00:00
db:	NVD	id:	CVE-2016-6429	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-95249	date:	2016-11-03T00:00:00
db:	BID	id:	93915	date:	2016-10-26T00:00:00
db:	JVNDB	id:	JVNDB-2016-005728	date:	2016-11-08T00:00:00
db:	CNNVD	id:	CNNVD-201610-768	date:	2016-10-27T00:00:00
db:	NVD	id:	CVE-2016-6429	date:	2016-11-03T21:59:00.217