2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.056 Low
EPSS
Percentile
93.3%
Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. NOTE: these vectors were originally reported as being associated with the dump and packet options in /level/15/exec/-/show/buffers.
secunia.com/advisories/17780
secunia.com/advisories/18528
securityreason.com/securityalert/227
securitytracker.com/id?1015275
www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml
www.idefense.com/intelligence/vulnerabilities/display.php?id=372
www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/cisco/index.html
www.securityfocus.com/archive/1/417916/100/0/threaded
www.securityfocus.com/bid/15602
www.securityfocus.com/bid/16291
www.vupen.com/english/advisories/2005/2657
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5867