ID

VAR-201704-1327


CVE

CVE-2017-6611


TITLE

Cross-site scripting vulnerability in the web framework code of Cisco Prime Infrastructure

Trust: 0.8

sources: JVNDB: JVNDB-2017-003235

DESCRIPTION

A vulnerability in the web framework code of Cisco Prime Infrastructure 2.2(2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCuw65830. The vendor has confirmed this vulnerability and released it as Bug ID CSCuw65830. Information may be obtained and information may be altered. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Cisco Prime Infrastructure (PI) is a set of Cisco wireless management solutions that use Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS) technology.

Trust: 1.98

sources: NVD: CVE-2017-6611 // JVNDB: JVNDB-2017-003235 // BID: 97931 // VULHUB: VHN-114814

AFFECTED PRODUCTS

vendor: cisco, model: prime infrastructure, scope: eq, version: 2.2\(2\)

Trust: 1.6

vendor: cisco, model: prime infrastructure, scope: eq, version: 2.2(2)

Trust: 1.1

sources: BID: 97931 // JVNDB: JVNDB-2017-003235 // CNNVD: CNNVD-201704-1060 // NVD: CVE-2017-6611

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-6611
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6611
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201704-1060
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114814
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-6611
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114814
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-6611
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114814 // JVNDB: JVNDB-2017-003235 // CNNVD: CNNVD-201704-1060 // NVD: CVE-2017-6611

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-114814 // JVNDB: JVNDB-2017-003235 // NVD: CVE-2017-6611

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1060

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201704-1060

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003235

PATCH

title: cisco-sa-20170419-cpi, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cpi

Trust: 0.8

title: Cisco Prime Infrastructure Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69457

Trust: 0.6

sources: JVNDB: JVNDB-2017-003235 // CNNVD: CNNVD-201704-1060

EXTERNAL IDS

db: NVD, id: CVE-2017-6611

Trust: 2.8

db: BID, id: 97931

Trust: 1.4

db: SECTRACK, id: 1038330

Trust: 1.1

db: JVNDB, id: JVNDB-2017-003235

Trust: 0.8

db: CNNVD, id: CNNVD-201704-1060

Trust: 0.7

db: VULHUB, id: VHN-114814

Trust: 0.1

sources: VULHUB: VHN-114814 // BID: 97931 // JVNDB: JVNDB-2017-003235 // CNNVD: CNNVD-201704-1060 // NVD: CVE-2017-6611

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170419-cpi

Trust: 2.0

url:http://www.securityfocus.com/bid/97931

Trust: 1.1

url:http://www.securitytracker.com/id/1038330

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6611

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6611

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114814 // BID: 97931 // JVNDB: JVNDB-2017-003235 // CNNVD: CNNVD-201704-1060 // NVD: CVE-2017-6611

CREDITS

Cisco

Trust: 0.3

sources: BID: 97931

SOURCES

db: VULHUB, id: VHN-114814
db: BID, id: 97931
db: JVNDB, id: JVNDB-2017-003235
db: CNNVD, id: CNNVD-201704-1060
db: NVD, id: CVE-2017-6611

LAST UPDATE DATE

2024-11-23T22:17:58.507000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114814, date: 2017-07-11T00:00:00
db: BID, id: 97931, date: 2017-05-02T05:06:00
db: JVNDB, id: JVNDB-2017-003235, date: 2017-05-22T00:00:00
db: CNNVD, id: CNNVD-201704-1060, date: 2017-04-21T00:00:00
db: NVD, id: CVE-2017-6611, date: 2024-11-21T03:30:07.207

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114814, date: 2017-04-20T00:00:00
db: BID, id: 97931, date: 2017-04-19T00:00:00
db: JVNDB, id: JVNDB-2017-003235, date: 2017-05-22T00:00:00
db: CNNVD, id: CNNVD-201704-1060, date: 2017-04-21T00:00:00
db: NVD, id: CVE-2017-6611, date: 2017-04-20T22:59:00.637