Details of VAR-201701-0859

ID

VAR-201701-0859

CVE

CVE-2016-9222

TITLE

Cisco NetFlow Generation Appliance Web -Based scripting interface cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-007056

DESCRIPTION

A vulnerability in the web-based management interface of Cisco NetFlow Generation Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb15229. Known Affected Releases: 1.0(2). An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvb15229. Cisco NetFlow Generation Appliance (NGA) is a set of scalable solutions for data center traffic visibility from Cisco. The solution provides features such as traffic analysis and other demand management

Trust: 2.07

sources: NVD: CVE-2016-9222 // JVNDB: JVNDB-2016-007056 // BID: 95640 // VULHUB: VHN-98042 // VULMON: CVE-2016-9222

AFFECTED PRODUCTS

vendor:	cisco	model:	netflow generation appliance	scope:	eq	version:	1.0\(2\)	Trust: 1.6
vendor:	cisco	model:	netflow generation appliance software	scope:	eq	version:	1.0 (2)	Trust: 0.8
vendor:	cisco	model:	netflow generation appliance	scope:	eq	version:	0	Trust: 0.3

sources: BID: 95640 // JVNDB: JVNDB-2016-007056 // CNNVD: CNNVD-201701-784 // NVD: CVE-2016-9222

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-9222
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-9222
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201701-784
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-98042
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2016-9222
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-9222
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-98042
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-9222
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-98042 // VULMON: CVE-2016-9222 // JVNDB: JVNDB-2016-007056 // CNNVD: CNNVD-201701-784 // NVD: CVE-2016-9222

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-98042 // JVNDB: JVNDB-2016-007056 // NVD: CVE-2016-9222

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201701-784

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201701-784

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007056

PATCH

title:	cisco-sa-20170118-nga	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nga	Trust: 0.8
title:	Cisco NetFlow Generation Appliance Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67342	Trust: 0.6

sources: JVNDB: JVNDB-2016-007056 // CNNVD: CNNVD-201701-784

EXTERNAL IDS

db:	NVD	id:	CVE-2016-9222	Trust: 2.9
db:	BID	id:	95640	Trust: 2.1
db:	JVNDB	id:	JVNDB-2016-007056	Trust: 0.8
db:	CNNVD	id:	CNNVD-201701-784	Trust: 0.7
db:	VULHUB	id:	VHN-98042	Trust: 0.1
db:	VULMON	id:	CVE-2016-9222	Trust: 0.1

sources: VULHUB: VHN-98042 // VULMON: CVE-2016-9222 // BID: 95640 // JVNDB: JVNDB-2016-007056 // CNNVD: CNNVD-201701-784 // NVD: CVE-2016-9222

REFERENCES

url:	http://www.securityfocus.com/bid/95640	Trust: 1.9
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170118-nga	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9222	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9222	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160817-ise	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-98042 // VULMON: CVE-2016-9222 // BID: 95640 // JVNDB: JVNDB-2016-007056 // CNNVD: CNNVD-201701-784 // NVD: CVE-2016-9222

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 95640

SOURCES

db:	VULHUB	id:	VHN-98042
db:	VULMON	id:	CVE-2016-9222
db:	BID	id:	95640
db:	JVNDB	id:	JVNDB-2016-007056
db:	CNNVD	id:	CNNVD-201701-784
db:	NVD	id:	CVE-2016-9222

LAST UPDATE DATE

2025-04-20T23:34:29.532000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-98042	date:	2017-01-27T00:00:00
db:	VULMON	id:	CVE-2016-9222	date:	2017-01-27T00:00:00
db:	BID	id:	95640	date:	2017-01-23T02:11:00
db:	JVNDB	id:	JVNDB-2016-007056	date:	2017-02-09T00:00:00
db:	CNNVD	id:	CNNVD-201701-784	date:	2017-02-08T00:00:00
db:	NVD	id:	CVE-2016-9222	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-98042	date:	2017-01-26T00:00:00
db:	VULMON	id:	CVE-2016-9222	date:	2017-01-26T00:00:00
db:	BID	id:	95640	date:	2017-01-18T00:00:00
db:	JVNDB	id:	JVNDB-2016-007056	date:	2017-02-09T00:00:00
db:	CNNVD	id:	CNNVD-201701-784	date:	2017-01-20T00:00:00
db:	NVD	id:	CVE-2016-9222	date:	2017-01-26T07:59:00.280