ID

VAR-201704-0649


CVE

CVE-2017-3848


TITLE

Cross-site scripting vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure

Trust: 0.8

sources: JVNDB: JVNDB-2017-002911

DESCRIPTION

A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCuw63001 CSCuw63003. Known Affected Releases: 2.2(2). Known Fixed Releases: 3.1(0.0). An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug IDs CSCuw63001 and CSCuw63003. Cisco Prime Infrastructure (PI) is a set of Cisco wireless management solutions through Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS) technology.

Trust: 1.98

sources: NVD: CVE-2017-3848 // JVNDB: JVNDB-2017-002911 // BID: 96505 // VULHUB: VHN-112051

AFFECTED PRODUCTS

vendor: cisco // model: prime infrastructure // scope: eq // version: 2.2\(2\)

Trust: 1.6

vendor: cisco // model: prime infrastructure // scope: eq // version: 3.0

Trust: 1.0

vendor: cisco // model: prime infrastructure // scope: eq // version: 2.2(2)

Trust: 0.8

vendor: cisco // model: prime infrastructure // scope: eq // version: 3.1(0.0)

Trust: 0.8

vendor: cisco // model: prime infrastructure // scope: eq // version: 3.0.0

Trust: 0.6

vendor: cisco // model: prime infrastructure // scope: eq // version: -

Trust: 0.3

sources: BID: 96505 // JVNDB: JVNDB-2017-002911 // CNNVD: CNNVD-201703-082 // NVD: CVE-2017-3848

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-3848
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3848
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201703-082
value: MEDIUM

Trust: 0.6

VULHUB: VHN-112051
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-3848
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-112051
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-3848
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-112051 // JVNDB: JVNDB-2017-002911 // CNNVD: CNNVD-201703-082 // NVD: CVE-2017-3848

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-112051 // JVNDB: JVNDB-2017-002911 // NVD: CVE-2017-3848

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-082

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201703-082

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002911

PATCH

title: cisco-sa-20170301-cpi // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170301-cpi

Trust: 0.8

title: Cisco Prime Infrastructure Fixes for cross-site scripting vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67993

Trust: 0.6

sources: JVNDB: JVNDB-2017-002911 // CNNVD: CNNVD-201703-082

EXTERNAL IDS

db: NVD // id: CVE-2017-3848

Trust: 2.8

db: BID // id: 96505

Trust: 2.0

db: SECTRACK // id: 1037947

Trust: 1.7

db: JVNDB // id: JVNDB-2017-002911

Trust: 0.8

db: CNNVD // id: CNNVD-201703-082

Trust: 0.7

db: VULHUB // id: VHN-112051

Trust: 0.1

sources: VULHUB: VHN-112051 // BID: 96505 // JVNDB: JVNDB-2017-002911 // CNNVD: CNNVD-201703-082 // NVD: CVE-2017-3848

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170301-cpi

Trust: 2.0

url:http://www.securityfocus.com/bid/96505

Trust: 1.7

url:http://www.securitytracker.com/id/1037947

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3848

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-3848

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-112051 // BID: 96505 // JVNDB: JVNDB-2017-002911 // CNNVD: CNNVD-201703-082 // NVD: CVE-2017-3848

CREDITS

Cisco

Trust: 0.9

sources: BID: 96505 // CNNVD: CNNVD-201703-082

SOURCES

db: VULHUB // id: VHN-112051
db: BID // id: 96505
db: JVNDB // id: JVNDB-2017-002911
db: CNNVD // id: CNNVD-201703-082
db: NVD // id: CVE-2017-3848

LAST UPDATE DATE

2024-11-23T22:38:35.686000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-112051 // date: 2019-07-29T00:00:00
db: BID // id: 96505 // date: 2017-03-07T03:10:00
db: JVNDB // id: JVNDB-2017-002911 // date: 2017-05-08T00:00:00
db: CNNVD // id: CNNVD-201703-082 // date: 2019-07-30T00:00:00
db: NVD // id: CVE-2017-3848 // date: 2024-11-21T03:26:14.170

SOURCES RELEASE DATE

db: VULHUB // id: VHN-112051 // date: 2017-04-07T00:00:00
db: BID // id: 96505 // date: 2017-03-02T00:00:00
db: JVNDB // id: JVNDB-2017-002911 // date: 2017-05-08T00:00:00
db: CNNVD // id: CNNVD-201703-082 // date: 2017-03-03T00:00:00
db: NVD // id: CVE-2017-3848 // date: 2017-04-07T17:59:00.327