CVE-2016-9202 - Vulnerability Details

Vendors	Products
Cisco	Email Security Appliance

Link	Providers
http://www.securityfocus.com/bid/94799
http://www.securitytracker.com/id/1037423
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Cisco Email Security Appliance (ESA)", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Email Security Appliance (ESA)"}]}], "datePublic": "2016-12-13T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More Information: CSCvb37346. Known Affected Releases: 9.1.1-036 9.7.1-066."}], "problemTypes": [{"descriptions": [{"description": "unspecified", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-20T21:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1037423", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037423"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1"}, {"name": "94799", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94799"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-9202", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Email Security Appliance (ESA)", "version": {"version_data": [{"version_value": "Cisco Email Security Appliance (ESA)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More Information: CSCvb37346. Known Affected Releases: 9.1.1-036 9.7.1-066."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "unspecified"}]}]}, "references": {"reference_data": [{"name": "1037423", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037423"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1"}, {"name": "94799", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94799"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:42:11.207Z"}, "title": "CVE Program Container", "references": [{"name": "1037423", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037423"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1"}, {"name": "94799", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94799"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-9202", "datePublished": "2016-12-14T00:37:00", "dateReserved": "2016-11-06T00:00:00", "dateUpdated": "2024-08-06T02:42:11.207Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Cisco Email Security Appliance (ESA) (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : Cisco Email Security Appliance (ESA) (string)

}

]

}

]

datePublic : 2016-12-13T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More Information: CSCvb37346. Known Affected Releases: 9.1.1-036 9.7.1-066. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : unspecified (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2016-12-20T21:57:01 (string)

orgId : d1c1063e-7a18-46af-9102-31f8928bc633 (string)

shortName : cisco (string)

}

references : [ »

0 : { »

name : 1037423 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1037423 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1 (string)

}

2 : { »

name : 94799 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/94799 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@cisco.com (string)

ID : CVE-2016-9202 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Cisco Email Security Appliance (ESA) (string)

version : { »

version_data : [ »

0 : { »

version_value : Cisco Email Security Appliance (ESA) (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More Information: CSCvb37346. Known Affected Releases: 9.1.1-036 9.7.1-066. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : unspecified (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 1037423 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1037423 (string)

}

1 : { »

name : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1 (string)

refsource : CONFIRM (string)

url : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1 (string)

}

2 : { »

name : 94799 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/94799 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T02:42:11.207Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 1037423 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1037423 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1 (string)

}

2 : { »

name : 94799 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/94799 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : d1c1063e-7a18-46af-9102-31f8928bc633 (string)

assignerShortName : cisco (string)

cveId : CVE-2016-9202 (string)

datePublished : 2016-12-14T00:37:00 (string)

dateReserved : 2016-11-06T00:00:00 (string)

dateUpdated : 2024-08-06T02:42:11.207Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.1-036:*:*:*:*:*:*:*", "matchCriteriaId": "FA2ADA46-57A8-40E8-8E53-1369F1486C35", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.2-023:*:*:*:*:*:*:*", "matchCriteriaId": "63C8EAC9-36A1-4EDB-BDE7-28E876DC366E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.2-028:*:*:*:*:*:*:*", "matchCriteriaId": "71566E18-4EE0-4BBE-A073-28F49983BA62", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.2-036:*:*:*:*:*:*:*", "matchCriteriaId": "438E2599-973C-4F67-824B-AE1847EA4B9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA369D6F-7011-49CF-B0E7-D1B7A2D1B719", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.4.4-000:*:*:*:*:*:*:*", "matchCriteriaId": "5D328123-3F80-4686-A464-574CDFF67247", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.5.0-000:*:*:*:*:*:*:*", "matchCriteriaId": "C17D2028-25C5-4234-8723-7040DCFBEE92", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.5.0-201:*:*:*:*:*:*:*", "matchCriteriaId": "EF846D4C-F7A2-4C27-A2A3-CFE5E76DE5F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-000:*:*:*:*:*:*:*", "matchCriteriaId": "98D691BA-8205-4C49-851B-2FDC1F22F641", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-042:*:*:*:*:*:*:*", "matchCriteriaId": "ED373FBD-1BB7-4532-946F-9DA2DF33A8D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-051:*:*:*:*:*:*:*", "matchCriteriaId": "7A450E5F-D02B-4F4D-9844-794D6A39D923", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.0-125:*:*:*:*:*:*:*", "matchCriteriaId": "61E682A3-28D4-4163-B047-DAD05D404128", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.1-066:*:*:*:*:*:*:*", "matchCriteriaId": "72DADB2C-D86D-44B5-B87B-289990A7D9B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.2-046:*:*:*:*:*:*:*", "matchCriteriaId": "D09E23D3-29BC-4B86-AB55-975B818CCB33", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.2-047:*:*:*:*:*:*:*", "matchCriteriaId": "F4ED5BEF-5F3F-42D6-A953-B12FC9028EB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.2-054:*:*:*:*:*:*:*", "matchCriteriaId": "AE59F47E-09CB-4C1A-AE70-ABAEDE74DA92", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More Information: CSCvb37346. Known Affected Releases: 9.1.1-036 9.7.1-066."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Email Security Appliance (ESA) Switches podr\u00eda permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS sostenido contra el usuario de la interfaz afectada en un dispositivo afectado. M\u00e1s Informaci\u00f3n: CSCvb37346. Lanzamientos Afectados Conocidos: 9.1.1-036 9.7.1-066."}], "id": "CVE-2016-9202", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-12-14T00:59:23.020", "references": [{"source": "psirt@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94799"}, {"source": "psirt@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037423"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94799"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037423"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.1.1-036:*:*:*:*:*:*:* (string)

matchCriteriaId : FA2ADA46-57A8-40E8-8E53-1369F1486C35 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.1.2-023:*:*:*:*:*:*:* (string)

matchCriteriaId : 63C8EAC9-36A1-4EDB-BDE7-28E876DC366E (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.1.2-028:*:*:*:*:*:*:* (string)

matchCriteriaId : 71566E18-4EE0-4BBE-A073-28F49983BA62 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.1.2-036:*:*:*:*:*:*:* (string)

matchCriteriaId : 438E2599-973C-4F67-824B-AE1847EA4B9E (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : EA369D6F-7011-49CF-B0E7-D1B7A2D1B719 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.4.4-000:*:*:*:*:*:*:* (string)

matchCriteriaId : 5D328123-3F80-4686-A464-574CDFF67247 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.5.0-000:*:*:*:*:*:*:* (string)

matchCriteriaId : C17D2028-25C5-4234-8723-7040DCFBEE92 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.5.0-201:*:*:*:*:*:*:* (string)

matchCriteriaId : EF846D4C-F7A2-4C27-A2A3-CFE5E76DE5F3 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.6.0-000:*:*:*:*:*:*:* (string)

matchCriteriaId : 98D691BA-8205-4C49-851B-2FDC1F22F641 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.6.0-042:*:*:*:*:*:*:* (string)

matchCriteriaId : ED373FBD-1BB7-4532-946F-9DA2DF33A8D1 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.6.0-051:*:*:*:*:*:*:* (string)

matchCriteriaId : 7A450E5F-D02B-4F4D-9844-794D6A39D923 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.7.0-125:*:*:*:*:*:*:* (string)

matchCriteriaId : 61E682A3-28D4-4163-B047-DAD05D404128 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.7.1-066:*:*:*:*:*:*:* (string)

matchCriteriaId : 72DADB2C-D86D-44B5-B87B-289990A7D9B4 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.7.2-046:*:*:*:*:*:*:* (string)

matchCriteriaId : D09E23D3-29BC-4B86-AB55-975B818CCB33 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.7.2-047:*:*:*:*:*:*:* (string)

matchCriteriaId : F4ED5BEF-5F3F-42D6-A953-B12FC9028EB2 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.7.2-054:*:*:*:*:*:*:* (string)

matchCriteriaId : AE59F47E-09CB-4C1A-AE70-ABAEDE74DA92 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More Information: CSCvb37346. Known Affected Releases: 9.1.1-036 9.7.1-066. (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad en la interfaz de administración basada en web de Cisco Email Security Appliance (ESA) Switches podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS sostenido contra el usuario de la interfaz afectada en un dispositivo afectado. Más Información: CSCvb37346. Lanzamientos Afectados Conocidos: 9.1.1-036 9.7.1-066. (string)

}

]

id : CVE-2016-9202 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 6.1 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2016-12-14T00:59:23.020 (string)

references : [ »

0 : { »

source : psirt@cisco.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/94799 (string)

}

1 : { »

source : psirt@cisco.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id/1037423 (string)

}

2 : { »

source : psirt@cisco.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/94799 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id/1037423 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1 (string)

}

]

sourceIdentifier : psirt@cisco.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object