CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
53.2%
A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration
System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting
(XSS) attack.
The vulnerability is due to insufficient input validation of some parameters passed to the web
server. An attacker could exploit this vulnerability by convincing the user to access a malicious
link or by intercepting the user request and injecting the malicious code. An exploit could allow
the attacker to execute arbitrary script code in the context of the affected site or allow the
attacker to access sensitive browser-based information.
Cisco has not released software updates that address this vulnerability. There are no workarounds
that address this vulnerability.
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:cisco:ip_interoperability_and_collaboration_system";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.107072");
script_cve_id("CVE-2016-6429");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_version("2023-07-20T05:05:17+0000");
script_name("Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability");
script_xref(name:"URL", value:"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics1");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"solution", value:"See the referenced vendor advisory for a solution.");
script_tag(name:"summary", value:"A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration
System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting
(XSS) attack.
The vulnerability is due to insufficient input validation of some parameters passed to the web
server. An attacker could exploit this vulnerability by convincing the user to access a malicious
link or by intercepting the user request and injecting the malicious code. An exploit could allow
the attacker to execute arbitrary script code in the context of the affected site or allow the
attacker to access sensitive browser-based information.
Cisco has not released software updates that address this vulnerability. There are no workarounds
that address this vulnerability.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"last_modification", value:"2023-07-20 05:05:17 +0000 (Thu, 20 Jul 2023)");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2016-11-28 20:32:00 +0000 (Mon, 28 Nov 2016)");
script_tag(name:"creation_date", value:"2016-10-28 13:58:43 +0200 (Fri, 28 Oct 2016)");
script_category(ACT_GATHER_INFO);
script_family("CISCO");
script_copyright("Copyright (C) 2016 Greenbone AG");
script_dependencies("gb_cisco_ipics_version.nasl");
script_mandatory_keys("cisco/ipics/version");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if( ! version = get_app_version( cpe:CPE ) ) exit( 0 );
affected = make_list(
'4.10(1)' );
foreach af ( affected )
{
if( version == af )
{
report = report_fixed_ver( installed_version:version, fixed_version: "See advisory" );
security_message( port:0, data:report );
exit( 0 );
}
}
exit( 99 );
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
53.2%