CVE-2016-9202

Published Dec 14, 2016

Last updated 8 years ago

CVSS medium 6.1

Overview

Description: A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More Information: CSCvb37346. Known Affected Releases: 9.1.1-036 9.7.1-066.
Source: ykramarz@cisco.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.1-036:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA2ADA46-57A8-40E8-8E53-1369F1486C35"
          },
          {
            "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.2-023:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63C8EAC9-36A1-4EDB-BDE7-28E876DC366E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.2-028:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71566E18-4EE0-4BBE-A073-28F49983BA62"
          },
          {
            "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.2-036:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "438E2599-973C-4F67-824B-AE1847EA4B9E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA369D6F-7011-49CF-B0E7-D1B7A2D1B719"
          },
          {
            "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.4.4-000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D328123-3F80-4686-A464-574CDFF67247"
          },
          {
            "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.5.0-000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C17D2028-25C5-4234-8723-7040DCFBEE92"
          },
          {
            "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.5.0-201:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF846D4C-F7A2-4C27-A2A3-CFE5E76DE5F3"
          },
          {
            "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98D691BA-8205-4C49-851B-2FDC1F22F641"
          },
          {
            "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-042:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED373FBD-1BB7-4532-946F-9DA2DF33A8D1"
          },
          {
            "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-051:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A450E5F-D02B-4F4D-9844-794D6A39D923"
          },
          {
            "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.0-125:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61E682A3-28D4-4163-B047-DAD05D404128"
          },
          {
            "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.1-066:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72DADB2C-D86D-44B5-B87B-289990A7D9B4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.2-046:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D09E23D3-29BC-4B86-AB55-975B818CCB33"
          },
          {
            "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.2-047:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4ED5BEF-5F3F-42D6-A953-B12FC9028EB2"
          },
          {
            "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.2-054:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE59F47E-09CB-4C1A-AE70-ABAEDE74DA92"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References