ID

VAR-201707-0896


CVE

CVE-2017-6724


TITLE

Cross-site scripting vulnerability in the web framework code of Cisco Prime Infrastructure

Trust: 0.8

sources: JVNDB: JVNDB-2017-005316

DESCRIPTION

A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCuw65843. Known Affected Releases: 3.1(0.0). The vendor has confirmed this vulnerability and published it as Bug ID CSCuw65843. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuw65843. Cisco Prime Infrastructure (PI) is a set of Cisco wireless management solutions that use Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS) technology. The vulnerability stems from the fact that the program does not adequately validate the parameters passed to the web server.

Trust: 1.98

sources: NVD: CVE-2017-6724 // JVNDB: JVNDB-2017-005316 // BID: 99203 // VULHUB: VHN-114927

AFFECTED PRODUCTS

vendor: cisco, model: prime infrastructure, scope: eq, version: 3.1\(0.0\)

Trust: 1.6

vendor: cisco, model: prime infrastructure, scope: eq, version: 3.1(0.0)

Trust: 1.1

sources: BID: 99203 // JVNDB: JVNDB-2017-005316 // CNNVD: CNNVD-201706-1015 // NVD: CVE-2017-6724

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6724
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6724
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201706-1015
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114927
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6724
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114927
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6724
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114927 // JVNDB: JVNDB-2017-005316 // CNNVD: CNNVD-201706-1015 // NVD: CVE-2017-6724

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-114927 // JVNDB: JVNDB-2017-005316 // NVD: CVE-2017-6724

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-1015

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201706-1015

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005316

PATCH

title: cisco-sa-20170621-piwf, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piwf

Trust: 0.8

title: Cisco Prime Infrastructure Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71277

Trust: 0.6

sources: JVNDB: JVNDB-2017-005316 // CNNVD: CNNVD-201706-1015

EXTERNAL IDS

db: NVD, id: CVE-2017-6724

Trust: 2.8

db: BID, id: 99203

Trust: 2.0

db: SECTRACK, id: 1038751

Trust: 1.1

db: JVNDB, id: JVNDB-2017-005316

Trust: 0.8

db: CNNVD, id: CNNVD-201706-1015

Trust: 0.7

db: NSFOCUS, id: 37047

Trust: 0.6

db: VULHUB, id: VHN-114927

Trust: 0.1

sources: VULHUB: VHN-114927 // BID: 99203 // JVNDB: JVNDB-2017-005316 // CNNVD: CNNVD-201706-1015 // NVD: CVE-2017-6724

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170621-piwf

Trust: 2.0

url: http://www.securityfocus.com/bid/99203

Trust: 1.7

url: http://www.securitytracker.com/id/1038751

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6724

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-6724

Trust: 0.8

url: http://www.nsfocus.net/vulndb/37047

Trust: 0.6

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114927 // BID: 99203 // JVNDB: JVNDB-2017-005316 // CNNVD: CNNVD-201706-1015 // NVD: CVE-2017-6724

CREDITS

Cisco

Trust: 0.9

sources: BID: 99203 // CNNVD: CNNVD-201706-1015

SOURCES

db: VULHUB, id: VHN-114927
db: BID, id: 99203
db: JVNDB, id: JVNDB-2017-005316
db: CNNVD, id: CNNVD-201706-1015
db: NVD, id: CVE-2017-6724

LAST UPDATE DATE

2024-11-23T22:38:28.195000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114927, date: 2017-07-07T00:00:00
db: BID, id: 99203, date: 2017-06-21T00:00:00
db: JVNDB, id: JVNDB-2017-005316, date: 2017-07-26T00:00:00
db: CNNVD, id: CNNVD-201706-1015, date: 2017-07-04T00:00:00
db: NVD, id: CVE-2017-6724, date: 2024-11-21T03:30:23.057

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114927, date: 2017-07-04T00:00:00
db: BID, id: 99203, date: 2017-06-21T00:00:00
db: JVNDB, id: JVNDB-2017-005316, date: 2017-07-26T00:00:00
db: CNNVD, id: CNNVD-201706-1015, date: 2017-06-29T00:00:00
db: NVD, id: CVE-2017-6724, date: 2017-07-04T00:29:00.727