CVEdetails.com the ultimate security vulnerability data source

Vulnerability Details : CVE-2007-1467

Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.
Publish Date : 2007-03-16 Last Update Date : 2008-09-05

- CVSS Scores & Vulnerability Types

CVSS Score: 3.5
Confidentiality Impact: None (There is no impact to the confidentiality of the system.)
Integrity Impact: Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact: None (There is no impact to the availability of the system.)
Access Complexity: Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit.)
Authentication: Single system (The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface).)
Gained Access: None
Vulnerability Type(s): Cross Site Scripting
CWE ID: CWE ID is not defined for this vulnerability

- Products Affected By CVE-2007-1467

# Product Type Vendor Product Version Update Edition Language
1 Application Cisco Acs Solution Engine 4.1
2 Application Cisco Acs Solution Engine 4.1 Windows
3 Hardware Cisco Call Manager
4 Application Cisco Ciscoworks
5 Application Cisco Ip Communicator
6 Application Cisco Meetingplace
7 Hardware Cisco Network Analysis Module
8 Application Cisco Security Device Manager
9 Application Cisco Unified Meetingplace
10 Application Cisco Unified Meetingplace Express
11 Application Cisco Unified Personal Communicator
12 Application Cisco Unified Video Advantage
13 Application Cisco Unified Videoconferencing
14 Application Cisco Unified Videoconferencing Manager
15 Application Cisco Vpn Client 3.5.1 Linux
16 Application Cisco Vpn Client 3.5.1 Solaris
17 Application Cisco Vpn Client 3.5.2 Mac Os X
18 Application Cisco Vpn Client 3.5.2 Solaris
19 Application Cisco Vpn Client 3.5.2b Linux
20 Application Cisco Vpn Client 3.5.2b Mac Os X
21 Application Cisco Vpn Client 3.5.2b Solaris
22 Application Cisco Vpn Client 3.5.2 Linux
23 Application Cisco Vpn Client 3.5.4 Linux
24 Application Cisco Vpn Client 3.5.4 Mac Os X
25 Application Cisco Vpn Client 3.5.4 Solaris
26 Application Cisco Vpn Client 3.6 Linux
27 Application Cisco Vpn Client 3.6 Mac Os X
28 Application Cisco Vpn Client 3.6 Solaris
29 Application Cisco Vpn Client 3.6.1 Solaris
30 Application Cisco Vpn Client 3.6.1 Linux
31 Application Cisco Vpn Client 3.6.1 Mac Os X
32 Application Cisco Vpn Client 4.0.2c Mac Os X
33 Application Cisco Vpn Client 4.0.2c Solaris
34 Application Cisco Vpn Client 4.0.2a Mac Os X
35 Application Cisco Vpn Client 4.0.2a Solaris
36 Application Cisco Vpn Client 4.8.1 Windows
37 Application Cisco Wan Manager
38 Hardware Cisco Wireless Control System 4.0
39 Application Cisco Wireless Lan Controllers
40 Application Cisco Wireless Lan Solution Engine

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Cisco Acs Solution Engine 2
Cisco Call Manager 1
Cisco Ciscoworks 1
Cisco Ip Communicator 1
Cisco Meetingplace 1
Cisco Network Analysis Module 1
Cisco Security Device Manager 1
Cisco Unified Meetingplace 1
Cisco Unified Meetingplace Express 1
Cisco Unified Personal Communicator 1
Cisco Unified Video Advantage 1
Cisco Unified Videoconferencing 1
Cisco Unified Videoconferencing Manager 1
Cisco Vpn Client 22
Cisco Wan Manager 1
Cisco Wireless Control System 1
Cisco Wireless Lan Controllers 1
Cisco Wireless Lan Solution Engine 1

- References For CVE-2007-1467

http://www.securitytracker.com/id?1017778
SECTRACK 1017778
http://www.frsirt.com/english/advisories/2007/0973
VUPEN ADV-2007-0973
http://xforce.iss.net/xforce/xfdb/33024
XF cisco-presearch-xss(33024)
http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html
CISCO 20070315 Cross-Site Scripting Vulnerability in Online Help System
http://www.securityfocus.com/archive/1/archive/1/462932/100/0/threaded
BUGTRAQ 20070315 XSS vulnerability in the online help system of several Cisco products
http://www.securityfocus.com/archive/1/archive/1/462944/100/0/threaded
BUGTRAQ 20070315 Re: XSS vulnerability in the online help system of several Cisco products
http://www.securityfocus.com/bid/22982
BID 22982 Multiple Cisco Products Online Help Cross Site Scripting Vulnerability (Release Date: 2007-04-11)
http://securityreason.com/securityalert/2437
SREASON 2437
http://secunia.com/advisories/24499
SECUNIA 24499

- Metasploit Modules Related To CVE-2007-1467

There are no Metasploit modules related to this vulnerability (please visit www.metasploit.com for more information).

