Detections
Analytics
Cisco APIC-EM 1.1 Unspecified XSS (credentialed check)
medium Nessus Plugin ID 88595
Language:
Synopsis
A network management system running on the remote host is affected by an unspecified reflected cross-site scripting vulnerability.Description
According to its self-reported version number, the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) application running on the remote host is version 1.1. It is, therefore, affected by a reflected cross-site scripting vulnerability due to improper sanitization of input before returning it to users. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.Solution
Contact the vendor for a fix.See Also
Plugin Details
Severity: Medium
ID: 88595
File Name: cisco_apic_1_1.nasl
Version: 1.8
Type: remote
Family: CISCO
Published: 2/5/2016
Updated: 11/20/2019
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.0
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Score Source: CVE-2016-1305
CVSS v3
Risk Factor: Medium
Base Score: 6.1
Temporal Score: 5.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:cisco:application_policy_infrastructure_controller_enterprise_module
Required KB Items: Settings/ParanoidReport, installed_sw/Cisco APIC-EM
Exploit Ease: No known exploits are available
Patch Publication Date: 2/1/2016
Vulnerability Publication Date: 2/1/2016
Reference Information
CVE: CVE-2016-1305
BID: 82318
CISCO-SA: cisco-sa-20160201-apic-em
CISCO-BUG-ID: CSCux15511