Lucene search

[email protected]CVE-2005-3921

HistoryNov 30, 2005 - 11:03 a.m.

CVE-2005-3921

2005-11-3011:03:00

[email protected]

web.nvd.nist.gov

cisco

ios

xss

vulnerability

web server

remote

injection

html

cdp

cisco discovery protocol

nvd

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.056 Low

EPSS

Percentile

93.3%

JSON

Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. NOTE: these vectors were originally reported as being associated with the dump and packet options in /level/15/exec/-/show/buffers.

Affected configurations

NVD

Node

ciscoiosRange≤12.3

ciscoiosMatch12.3\(1a\)

ciscoiosMatch12.3\(2\)ja

ciscoiosMatch12.3\(2\)ja5

ciscoiosMatch12.3\(2\)jk

ciscoiosMatch12.3\(2\)jk1

ciscoiosMatch12.3\(2\)t3

ciscoiosMatch12.3\(2\)t8

ciscoiosMatch12.3\(2\)xa4

ciscoiosMatch12.3\(2\)xa5

ciscoiosMatch12.3\(2\)xc1

ciscoiosMatch12.3\(2\)xc2

ciscoiosMatch12.3\(2\)xc3

ciscoiosMatch12.3\(2\)xc4

ciscoiosMatch12.3\(2\)xe3

ciscoiosMatch12.3\(2\)xe4

ciscoiosMatch12.3\(3e\)

ciscoiosMatch12.3\(3h\)

ciscoiosMatch12.3\(3i\)

ciscoiosMatch12.3\(4\)eo1

ciscoiosMatch12.3\(4\)ja

ciscoiosMatch12.3\(4\)ja1

ciscoiosMatch12.3\(4\)t

ciscoiosMatch12.3\(4\)t1

ciscoiosMatch12.3\(4\)t2

ciscoiosMatch12.3\(4\)t3

ciscoiosMatch12.3\(4\)t4

ciscoiosMatch12.3\(4\)t8

ciscoiosMatch12.3\(4\)tpc11a

ciscoiosMatch12.3\(4\)xd

ciscoiosMatch12.3\(4\)xd1

ciscoiosMatch12.3\(4\)xd2

ciscoiosMatch12.3\(4\)xe4

ciscoiosMatch12.3\(4\)xg1

ciscoiosMatch12.3\(4\)xg2

ciscoiosMatch12.3\(4\)xg4

ciscoiosMatch12.3\(4\)xg5

ciscoiosMatch12.3\(4\)xh

ciscoiosMatch12.3\(4\)xk

ciscoiosMatch12.3\(4\)xk1

ciscoiosMatch12.3\(4\)xk3

ciscoiosMatch12.3\(4\)xk4

ciscoiosMatch12.3\(4\)xq

ciscoiosMatch12.3\(4\)xq1

ciscoiosMatch12.3\(5\)

ciscoiosMatch12.3\(5\)b1

ciscoiosMatch12.3\(5a\)

ciscoiosMatch12.3\(5a\)b

ciscoiosMatch12.3\(5a\)b2

ciscoiosMatch12.3\(5a\)b5

ciscoiosMatch12.3\(5b\)

ciscoiosMatch12.3\(5c\)

ciscoiosMatch12.3\(5e\)

ciscoiosMatch12.3\(5f\)

ciscoiosMatch12.3\(6\)

ciscoiosMatch12.3\(6a\)

ciscoiosMatch12.3\(6d\)

ciscoiosMatch12.3\(6e\)

ciscoiosMatch12.3\(6f\)

ciscoiosMatch12.3\(7\)ja

ciscoiosMatch12.3\(7\)ja1

ciscoiosMatch12.3\(7\)jx

ciscoiosMatch12.3\(7\)t

ciscoiosMatch12.3\(7\)t4

ciscoiosMatch12.3\(7\)t8

ciscoiosMatch12.3\(7\)t9

ciscoiosMatch12.3\(7\)t10

ciscoiosMatch12.3\(7\)t12

ciscoiosMatch12.3\(7\)xi3

ciscoiosMatch12.3\(7\)xi4

ciscoiosMatch12.3\(7\)xi7

ciscoiosMatch12.3\(7\)xr3

ciscoiosMatch12.3\(7\)xr4

ciscoiosMatch12.3\(7\)xr6

ciscoiosMatch12.3\(7.7\)

ciscoiosMatch12.3\(8\)t4

ciscoiosMatch12.3\(8\)t7

ciscoiosMatch12.3\(8\)t8

ciscoiosMatch12.3\(8\)t9

ciscoiosMatch12.3\(8\)t11

ciscoiosMatch12.3\(8\)xu2

ciscoiosMatch12.3\(8\)xy4

ciscoiosMatch12.3\(8\)xy5

ciscoiosMatch12.3\(8\)xy6

ciscoiosMatch12.3\(8\)ya1

ciscoiosMatch12.3\(8\)yd

ciscoiosMatch12.3\(8\)yf

ciscoiosMatch12.3\(8\)yg

ciscoiosMatch12.3\(8\)yg1

ciscoiosMatch12.3\(8\)yg2

ciscoiosMatch12.3\(8\)yg3

ciscoiosMatch12.3\(8\)yh

ciscoiosMatch12.3\(8\)yi

ciscoiosMatch12.3\(8\)yi1

ciscoiosMatch12.3\(8\)yi3

ciscoiosMatch12.3\(9\)

ciscoiosMatch12.3\(9a\)bc

ciscoiosMatch12.3\(9a\)bc2

ciscoiosMatch12.3\(9a\)bc6

ciscoiosMatch12.3\(9a\)bc7

ciscoiosMatch12.3\(9d\)

ciscoiosMatch12.3\(9e\)

ciscoiosMatch12.3\(10\)

ciscoiosMatch12.3\(10c\)

ciscoiosMatch12.3\(10d\)

ciscoiosMatch12.3\(10e\)

ciscoiosMatch12.3\(11\)

ciscoiosMatch12.3\(11\)t

ciscoiosMatch12.3\(11\)t4

ciscoiosMatch12.3\(11\)t5

ciscoiosMatch12.3\(11\)t6

ciscoiosMatch12.3\(11\)t8

ciscoiosMatch12.3\(11\)t9

ciscoiosMatch12.3\(11\)xl

ciscoiosMatch12.3\(11\)xl3

ciscoiosMatch12.3\(11\)yf

ciscoiosMatch12.3\(11\)yf2

ciscoiosMatch12.3\(11\)yf3

ciscoiosMatch12.3\(11\)yf4

ciscoiosMatch12.3\(11\)yj

ciscoiosMatch12.3\(11\)yk

ciscoiosMatch12.3\(11\)yk1

ciscoiosMatch12.3\(11\)yk2

ciscoiosMatch12.3\(11\)yl

ciscoiosMatch12.3\(11\)yn

ciscoiosMatch12.3\(11\)yr

ciscoiosMatch12.3\(11\)ys

ciscoiosMatch12.3\(11\)ys1

ciscoiosMatch12.3\(11\)yw

ciscoiosMatch12.3\(12\)

ciscoiosMatch12.3\(12b\)

ciscoiosMatch12.3\(12e\)

ciscoiosMatch12.3\(13\)

ciscoiosMatch12.3\(13a\)

ciscoiosMatch12.3\(13a\)bc

ciscoiosMatch12.3\(13a\)bc1

ciscoiosMatch12.3\(13b\)

ciscoiosMatch12.3\(14\)t

ciscoiosMatch12.3\(14\)t2

ciscoiosMatch12.3\(14\)t4

ciscoiosMatch12.3\(14\)t5

ciscoiosMatch12.3\(14\)ym4

ciscoiosMatch12.3\(14\)yq

ciscoiosMatch12.3\(14\)yq1

ciscoiosMatch12.3\(14\)yq3

ciscoiosMatch12.3\(14\)yq4

ciscoiosMatch12.3\(14\)yt

ciscoiosMatch12.3\(14\)yt1

ciscoiosMatch12.3\(14\)yu

ciscoiosMatch12.3\(14\)yu1

ciscoiosMatch12.3\(15\)

ciscoiosMatch12.3\(15b\)

ciscoiosMatch12.3\(16\)

ciscoiosMatch12.3b

ciscoiosMatch12.3bc

ciscoiosMatch12.3bw

ciscoiosMatch12.3ja

ciscoiosMatch12.3jk

ciscoiosMatch12.3jx

ciscoiosMatch12.3t

ciscoiosMatch12.3tpc

ciscoiosMatch12.3xa

ciscoiosMatch12.3xb

ciscoiosMatch12.3xc

ciscoiosMatch12.3xd

ciscoiosMatch12.3xe

ciscoiosMatch12.3xf

ciscoiosMatch12.3xg

ciscoiosMatch12.3xh

ciscoiosMatch12.3xi

ciscoiosMatch12.3xj

ciscoiosMatch12.3xk

ciscoiosMatch12.3xl

ciscoiosMatch12.3xm

ciscoiosMatch12.3xn

ciscoiosMatch12.3xq

ciscoiosMatch12.3xr

ciscoiosMatch12.3xs

ciscoiosMatch12.3xt

ciscoiosMatch12.3xu

ciscoiosMatch12.3xv

ciscoiosMatch12.3xw

ciscoiosMatch12.3xx

ciscoiosMatch12.3xy

ciscoiosMatch12.3xz

ciscoiosMatch12.3ya

ciscoiosMatch12.3yb

ciscoiosMatch12.3yc

ciscoiosMatch12.3yd

ciscoiosMatch12.3ye

ciscoiosMatch12.3yf

ciscoiosMatch12.3yg

ciscoiosMatch12.3yh

ciscoiosMatch12.3yi

ciscoiosMatch12.3yj

ciscoiosMatch12.3yk

ciscoiosMatch12.3yl

ciscoiosMatch12.3ym

ciscoiosMatch12.3yn

ciscoiosMatch12.3yq

ciscoiosMatch12.3yr

ciscoiosMatch12.3ys

ciscoiosMatch12.3yt

ciscoiosMatch12.3yu

ciscoiosMatch12.3yw

ciscoiosMatch12.3yx

ciscoiosMatch12.4

ciscoiosMatch12.4\(1\)

ciscoiosMatch12.4\(1b\)

ciscoiosMatch12.4\(1c\)

ciscoiosMatch12.4\(2\)mr

ciscoiosMatch12.4\(2\)mr1

ciscoiosMatch12.4\(2\)t

ciscoiosMatch12.4\(2\)t1

ciscoiosMatch12.4\(2\)t2

ciscoiosMatch12.4\(2\)xa

ciscoiosMatch12.4\(2\)xb

ciscoiosMatch12.4\(3a\)

ciscoiosMatch12.4\(3b\)

ciscoiosMatch12.4\(4\)t

ciscoiosMatch12.4\(5\)

ciscoiosMatch12.4mr

ciscoiosMatch12.4t

ciscoiosMatch12.4xa

ciscoiosMatch12.4xb

CPENameOperatorVersion
cisco:ioscisco iosle12.3
cisco:ioscisco ioseq12.3\(1a\)
cisco:ioscisco ioseq12.3\(2\)ja
cisco:ioscisco ioseq12.3\(2\)ja5
cisco:ioscisco ioseq12.3\(2\)jk
cisco:ioscisco ioseq12.3\(2\)jk1
cisco:ioscisco ioseq12.3\(2\)t3
cisco:ioscisco ioseq12.3\(2\)t8
cisco:ioscisco ioseq12.3\(2\)xa4
cisco:ioscisco ioseq12.3\(2\)xa5

CPE	Name	Operator	Version
cisco:ios	cisco ios	le	12.3
cisco:ios	cisco ios	eq	12.3\(1a\)
cisco:ios	cisco ios	eq	12.3\(2\)ja
cisco:ios	cisco ios	eq	12.3\(2\)ja5
cisco:ios	cisco ios	eq	12.3\(2\)jk
cisco:ios	cisco ios	eq	12.3\(2\)jk1
cisco:ios	cisco ios	eq	12.3\(2\)t3
cisco:ios	cisco ios	eq	12.3\(2\)t8
cisco:ios	cisco ios	eq	12.3\(2\)xa4
cisco:ios	cisco ios	eq	12.3\(2\)xa5

Rows per page:

1-10 of 2251

References

secunia.com/advisories/17780

secunia.com/advisories/18528

securityreason.com/securityalert/227

securitytracker.com/id?1015275

www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml

www.idefense.com/intelligence/vulnerabilities/display.php?id=372

www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/cisco/index.html

www.securityfocus.com/archive/1/417916/100/0/threaded

www.securityfocus.com/bid/15602

www.securityfocus.com/bid/16291

www.vupen.com/english/advisories/2005/2657

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5867

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.056 Low

EPSS

Percentile

93.3%

JSON

Related for CVE-2005-3921

nessus1 checkpoint_advisories1 cisco1 cvelist1 nvd1