ID

VAR-201904-0429


CVE

CVE-2019-1777


TITLE

Cross-site scripting vulnerability in Cisco Registered Envelope Service

Trust: 0.8

sources: JVNDB: JVNDB-2019-003535

DESCRIPTION

A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the service. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by sending an email with a malicious payload to another user. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. This vulnerability affects software versions 5.3.4.x. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCvn65870. The product includes read receipts for mail, mail recycling, mail forwarding and replying, and smartphone support.

Trust: 1.98

sources: NVD: CVE-2019-1777 // JVNDB: JVNDB-2019-003535 // BID: 108015 // VULHUB: VHN-150049

AFFECTED PRODUCTS

vendor: cisco, model: registered envelope service, scope: eq, version: 5.3.4-027

Trust: 1.3

vendor: cisco, model: registered envelope service, scope: eq, version: 5.3.4.x

Trust: 0.8

sources: BID: 108015 // JVNDB: JVNDB-2019-003535 // NVD: CVE-2019-1777

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1777
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1777
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1777
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-839
value: MEDIUM

Trust: 0.6

VULHUB: VHN-150049
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-1777
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-150049
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1777
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1777
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-150049 // JVNDB: JVNDB-2019-003535 // CNNVD: CNNVD-201904-839 // NVD: CVE-2019-1777 // NVD: CVE-2019-1777

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-150049 // JVNDB: JVNDB-2019-003535 // NVD: CVE-2019-1777

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-839

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201904-839

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003535

PATCH

title: cisco-sa-20190417-res-xss, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-res-xss

Trust: 0.8

sources: JVNDB: JVNDB-2019-003535

EXTERNAL IDS

db: NVD, id: CVE-2019-1777

Trust: 2.8

db: BID, id: 108015

Trust: 2.0

db: JVNDB, id: JVNDB-2019-003535

Trust: 0.8

db: CNNVD, id: CNNVD-201904-839

Trust: 0.7

db: AUSCERT, id: ESB-2019.1340

Trust: 0.6

db: VULHUB, id: VHN-150049

Trust: 0.1

sources: VULHUB: VHN-150049 // BID: 108015 // JVNDB: JVNDB-2019-003535 // CNNVD: CNNVD-201904-839 // NVD: CVE-2019-1777

REFERENCES

url: http://www.securityfocus.com/bid/108015

Trust: 2.3

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-res-xss

Trust: 2.0

url: https://nvd.nist.gov/vuln/detail/cve-2019-1777

Trust: 1.4

url: http://www.cisco.com/

Trust: 0.9

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1777

Trust: 0.8

url: https://www.auscert.org.au/bulletins/79334

Trust: 0.6

sources: VULHUB: VHN-150049 // BID: 108015 // JVNDB: JVNDB-2019-003535 // CNNVD: CNNVD-201904-839 // NVD: CVE-2019-1777

CREDITS

Rahul Raj

Trust: 0.6

sources: CNNVD: CNNVD-201904-839

SOURCES

db: VULHUB, id: VHN-150049
db: BID, id: 108015
db: JVNDB, id: JVNDB-2019-003535
db: CNNVD, id: CNNVD-201904-839
db: NVD, id: CVE-2019-1777

LAST UPDATE DATE

2024-11-23T23:08:25.633000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-150049, date: 2023-03-01T00:00:00
db: BID, id: 108015, date: 2019-04-17T00:00:00
db: JVNDB, id: JVNDB-2019-003535, date: 2019-05-20T00:00:00
db: CNNVD, id: CNNVD-201904-839, date: 2019-04-23T00:00:00
db: NVD, id: CVE-2019-1777, date: 2024-11-21T04:37:21.293

SOURCES RELEASE DATE

db: VULHUB, id: VHN-150049, date: 2019-04-18T00:00:00
db: BID, id: 108015, date: 2019-04-17T00:00:00
db: JVNDB, id: JVNDB-2019-003535, date: 2019-05-20T00:00:00
db: CNNVD, id: CNNVD-201904-839, date: 2019-04-17T00:00:00
db: NVD, id: CVE-2019-1777, date: 2019-04-18T01:29:02.267