Lucene search

CiscoCISCO-SA-20130920-CVE-2013-5501

HistorySep 20, 2013 - 7:27 p.m.

Cisco MediaSense oraservice Cross-Site Scripting Vulnerability

2013-09-2019:27:52

tools.cisco.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.002

Percentile

56.9%

JSON

A vulnerability in the oraservice page of Cisco MediaSense could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system.

The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by convincing the user to access a malicious link.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.

Affected configurations

Vulners

Node

ciscomediasenseMatchany

VendorProductVersionCPE
ciscomediasenseanycpe:2.3:a:cisco:mediasense:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	mediasense	any	cpe:2.3:a:cisco:mediasense:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20130920-CVE-2013-5501

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.002

Percentile

56.9%

JSON

Related for CISCO-SA-20130920-CVE-2013-5501