ID

VAR-201703-0896


CVE

CVE-2017-3868


TITLE

Cisco UCS Director web-based scripting interface cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-002458

DESCRIPTION

A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc44344. Known Affected Releases: 6.0(0.0). An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvc44344. Cisco UCS Director (formerly known as Cisco Cloupia) is a set of converged infrastructure management solutions from Cisco. The solution lets users manage computing power, network services, storage, and virtual machines from a single management console to deploy and release IT services more quickly and at low cost.

Trust: 1.98

sources: NVD: CVE-2017-3868 // JVNDB: JVNDB-2017-002458 // BID: 96921 // VULHUB: VHN-112071

AFFECTED PRODUCTS

vendor: cisco, model: unified computing system director, scope: eq, version: 6.0\(0.0\)

Trust: 1.6

vendor: cisco, model: unified computing system director, scope: eq, version: 6.0(0.0)

Trust: 0.8

vendor: cisco, model: ucs director, scope: eq, version: 6.0.0.0

Trust: 0.3

sources: BID: 96921 // JVNDB: JVNDB-2017-002458 // CNNVD: CNNVD-201703-847 // NVD: CVE-2017-3868

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-3868
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3868
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201703-847
value: MEDIUM

Trust: 0.6

VULHUB: VHN-112071
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-3868
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-112071
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-3868
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-112071 // JVNDB: JVNDB-2017-002458 // CNNVD: CNNVD-201703-847 // NVD: CVE-2017-3868

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-112071 // JVNDB: JVNDB-2017-002458 // NVD: CVE-2017-3868

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-847

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201703-847

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002458

PATCH

title: cisco-sa-20170315-ucs
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucs

Trust: 0.8

title: Cisco UCS Director Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68639

Trust: 0.6

sources: JVNDB: JVNDB-2017-002458 // CNNVD: CNNVD-201703-847

EXTERNAL IDS

db: NVD, id: CVE-2017-3868

Trust: 2.8

db: BID, id: 96921

Trust: 1.4

db: SECTRACK, id: 1038039

Trust: 1.1

db: JVNDB, id: JVNDB-2017-002458

Trust: 0.8

db: CNNVD, id: CNNVD-201703-847

Trust: 0.7

db: VULHUB, id: VHN-112071

Trust: 0.1

sources: VULHUB: VHN-112071 // BID: 96921 // JVNDB: JVNDB-2017-002458 // CNNVD: CNNVD-201703-847 // NVD: CVE-2017-3868

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170315-ucs

Trust: 2.0

url:http://www.securityfocus.com/bid/96921

Trust: 1.1

url:http://www.securitytracker.com/id/1038039

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3868

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-3868

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-112071 // BID: 96921 // JVNDB: JVNDB-2017-002458 // CNNVD: CNNVD-201703-847 // NVD: CVE-2017-3868

CREDITS

Cisco

Trust: 0.3

sources: BID: 96921

SOURCES

db: VULHUB, id: VHN-112071
db: BID, id: 96921
db: JVNDB, id: JVNDB-2017-002458
db: CNNVD, id: CNNVD-201703-847
db: NVD, id: CVE-2017-3868

LAST UPDATE DATE

2024-11-23T21:41:33.449000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-112071, date: 2017-07-12T00:00:00
db: BID, id: 96921, date: 2017-03-16T00:00:00
db: JVNDB, id: JVNDB-2017-002458, date: 2017-04-14T00:00:00
db: CNNVD, id: CNNVD-201703-847, date: 2017-03-21T00:00:00
db: NVD, id: CVE-2017-3868, date: 2024-11-21T03:26:16.790

SOURCES RELEASE DATE

db: VULHUB, id: VHN-112071, date: 2017-03-17T00:00:00
db: BID, id: 96921, date: 2017-03-16T00:00:00
db: JVNDB, id: JVNDB-2017-002458, date: 2017-04-14T00:00:00
db: CNNVD, id: CNNVD-201703-847, date: 2017-03-21T00:00:00
db: NVD, id: CVE-2017-3868, date: 2017-03-17T22:59:00.297