Lucene search
This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.CISCO-SA-20150818-CVE-2015-4310.NASLHistoryOct 21, 2019 - 12:00 a.m.
Cisco Finesse Appliance Multiple Cross-Site Scripting Vulnerabilities (Cisco-SA-20150818-CVE-2015-4310)
2019-10-2100:00:00
This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.001
Percentile
43.6%
According to its self-reported version, the Cisco Finesse appliance is affected by multiple cross-site scripting (XSS) vulnerabilities exist due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user’s browser session.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(130064);
script_version("1.3");
script_cvs_date("Date: 2019/10/31 15:18:51");
script_cve_id("CVE-2015-4310");
script_xref(name:"CISCO-BUG-ID", value:"CSCuq73975");
script_xref(name:"CISCO-BUG-ID", value:"CSCuq82322");
script_xref(name:"CISCO-BUG-ID", value:"CSCut95853");
script_xref(name:"CISCO-SA", value:"Cisco-SA-20150818-CVE-2015-4310");
script_name(english:"Cisco Finesse Appliance Multiple Cross-Site Scripting Vulnerabilities (Cisco-SA-20150818-CVE-2015-4310)");
script_summary(english:"Checks the Cisco Finesse appliance version.");
script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, the Cisco Finesse appliance is affected by multiple cross-site scripting (XSS)
vulnerabilities exist due to improper validation of user-supplied input before returning it to users. An unauthenticated,
remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code
in a user's browser session.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150818-CVE-2015-4310
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2dc6ff53");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuq73975");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuq82322");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCut95853");
script_set_attribute(attribute:"solution", value:
"Apply the patch or upgrade to the version recommended in Cisco bug IDs CSCuq73975, CSCuq82322, and CSCut95853");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-4310");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(352);
script_set_attribute(attribute:"vuln_publication_date", value:"2015/08/18");
script_set_attribute(attribute:"patch_publication_date", value:"2015/08/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/21");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:finesse");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_voss_finesse_installed.nbin");
script_require_keys("installed_sw/Cisco VOSS Finesse", "Settings/ParanoidReport");
exit(0);
}
include('vcf.inc');
include('vcf_extras.inc');
app_info = vcf::cisco_finesse::get_app_info(app:'Cisco VOSS Finesse');
if (report_paranoia < 2) audit(AUDIT_PARANOID);
constraints = [
{ 'min_version':'9.1.1.10000.5', 'max_version':'9.1.1.10000.5', 'fixed_display' : 'Refer to Cisco Bug ID: CSCut95853' },
{ 'min_version':'10.0.1.10000.10', 'max_version':'10.0.1.10000.10', 'fixed_display' : 'Refer to Cisco Bug ID: CSCuq82322' },
{ 'min_version':'10.5.1.10000.3', 'max_version':'10.5.1.10000.3', 'fixed_display' : 'Refer to Cisco Bug IDs: CSCuq73975, CSCut95853' },
{ 'min_version':'10.6.1.10000.3', 'max_version':'10.6.1.10000.3', 'fixed_display' : 'Refer to Cisco Bug ID: CSCut95853' },
{ 'min_version':'11.0.1.10000.1', 'max_version':'11.0.1.10000.1', 'fixed_display' : 'Refer to Cisco Bug ID: CSCut95853' }
];
vcf::cisco_finesse::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
Related
cisco
cisco
Multiple Cisco Finesse Cross-Site Scripting Vulnerabilities
2015-08-18 20:55:34
prion
prion
Cross site scripting
2015-08-19 23:59:00
cvelist
cvelist
CVE-2015-4310
2015-08-19 23:00:00
nvd
nvd
CVE-2015-4310
2015-08-19 23:59:01
cve
cve
CVE-2015-4310
2015-08-19 23:59:01
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.001
Percentile
43.6%
Related for CISCO-SA-20150818-CVE-2015-4310.NASL