CVE-2007-5547

Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://osvdb.org/43742
http://www.irmplc.com/index.php/111-Vendor-Alerts
http://osvdb.org/43742
http://www.irmplc.com/index.php/111-Vendor-Alerts

Configurations

Configuration 1 (hide)

cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:38

Type	Values Removed	Values Added
References	~~() http://osvdb.org/43742 -~~	() http://osvdb.org/43742 -
References	~~() http://www.irmplc.com/index.php/111-Vendor-Alerts -~~	() http://www.irmplc.com/index.php/111-Vendor-Alerts -

Information

Published : 2007-10-18 20:17

Updated : 2024-11-21 00:38

NVD link : CVE-2007-5547

Mitre link : CVE-2007-5547

CVE.ORG link : CVE-2007-5547

JSON object : View

Products Affected

cisco

ios

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2007-5547", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-10-18T20:17:00.000", "references": [{"url": "http://osvdb.org/43742", "source": "cve@mitre.org"}, {"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/43742", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Cisco IOS permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n, y ejecutar comandos IOS, a trav\u00e9s de vectores no especificados, tambi\u00e9n conocida como PSIRT-2022590358. NOTA: a fecha de 16/10/2007, la \u00fanica revelaci\u00f3n es un vago preaviso sin informaci\u00f3n de uso inmediato. Sin embargo, dado que proviene de un investigador reputado, se le ha asignado un identificador CVE con prop\u00f3sito de seguimiento."}], "lastModified": "2024-11-21T00:38:09.610", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5802E2D8-7069-474C-826F-AEE7B50BFE34"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}