Lucene search

CiscoCVE-2016-1294

HistoryJan 16, 2016 - 5:59 a.m.

CVE-2016-1294

2016-01-1605:59:06

CWE-79

cisco

web.nvd.nist.gov

cve-2016-1294

xss vulnerability

cisco firesight system

remote attackers

crafted cookie

bug id cscuw89094

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

41.1%

JSON

Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted cookie, aka Bug ID CSCuw89094.

Affected configurations

Nvd

Node

ciscofiresight_system_softwareMatch6.0.1

VendorProductVersionCPE
ciscofiresight_system_software6.0.1cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	firesight_system_software	6.0.1	cpe:2.3:a:cisco:firesight_system_software:6.0.1:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-fmc1

www.securitytracker.com/id/1034690

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

41.1%

JSON

Related for CVE-2016-1294