ID

VAR-201707-0897


CVE

CVE-2017-6725


TITLE

Cross-site scripting vulnerability in the web framework code of Cisco Prime Infrastructure

Trust: 0.8

sources: JVNDB: JVNDB-2017-005317

DESCRIPTION

A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCuw65833 CSCuw65837. Known Affected Releases: 2.2(2). An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug IDs CSCuw65833 and CSCuw65837. Cisco Prime Infrastructure (PI) is a set of Cisco wireless management solutions built on Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS) technology. The vulnerability stems from the fact that the program does not adequately validate the parameters passed to the web server.

Trust: 2.07

sources: NVD: CVE-2017-6725 // JVNDB: JVNDB-2017-005317 // BID: 99202 // VULHUB: VHN-114928 // VULMON: CVE-2017-6725

AFFECTED PRODUCTS

vendor: cisco, model: prime infrastructure, scope: eq, version: 2.2\(2\)

Trust: 1.6

vendor: cisco, model: prime infrastructure, scope: eq, version: 2.2(2)

Trust: 1.1

sources: BID: 99202 // JVNDB: JVNDB-2017-005317 // CNNVD: CNNVD-201706-1016 // NVD: CVE-2017-6725

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-6725
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6725
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201706-1016
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114928
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-6725
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-6725
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-114928
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-6725
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114928 // VULMON: CVE-2017-6725 // JVNDB: JVNDB-2017-005317 // CNNVD: CNNVD-201706-1016 // NVD: CVE-2017-6725

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-114928 // JVNDB: JVNDB-2017-005317 // NVD: CVE-2017-6725

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-1016

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201706-1016

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005317

PATCH

title: cisco-sa-20170621-piwf1
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piwf1

Trust: 0.8

title: Cisco Prime Infrastructure Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71278

Trust: 0.6

title: Cisco: Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20170621-piwf1

Trust: 0.1

sources: VULMON: CVE-2017-6725 // JVNDB: JVNDB-2017-005317 // CNNVD: CNNVD-201706-1016

EXTERNAL IDS

db: NVD, id: CVE-2017-6725

Trust: 2.9

db: BID, id: 99202

Trust: 2.1

db: SECTRACK, id: 1038751

Trust: 1.2

db: JVNDB, id: JVNDB-2017-005317

Trust: 0.8

db: CNNVD, id: CNNVD-201706-1016

Trust: 0.7

db: NSFOCUS, id: 37046

Trust: 0.6

db: VULHUB, id: VHN-114928

Trust: 0.1

db: VULMON, id: CVE-2017-6725

Trust: 0.1

sources: VULHUB: VHN-114928 // VULMON: CVE-2017-6725 // BID: 99202 // JVNDB: JVNDB-2017-005317 // CNNVD: CNNVD-201706-1016 // NVD: CVE-2017-6725

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170621-piwf1

Trust: 2.2

url: http://www.securityfocus.com/bid/99202

Trust: 1.9

url: http://www.securitytracker.com/id/1038751

Trust: 1.2

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6725

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-6725

Trust: 0.8

url: http://www.nsfocus.net/vulndb/37046

Trust: 0.6

url: http://www.cisco.com/

Trust: 0.3

url: https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-114928 // VULMON: CVE-2017-6725 // BID: 99202 // JVNDB: JVNDB-2017-005317 // CNNVD: CNNVD-201706-1016 // NVD: CVE-2017-6725

CREDITS

Cisco

Trust: 0.9

sources: BID: 99202 // CNNVD: CNNVD-201706-1016

SOURCES

db: VULHUB, id: VHN-114928
db: VULMON, id: CVE-2017-6725
db: BID, id: 99202
db: JVNDB, id: JVNDB-2017-005317
db: CNNVD, id: CNNVD-201706-1016
db: NVD, id: CVE-2017-6725

LAST UPDATE DATE

2024-11-23T22:38:28.242000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114928, date: 2017-07-07T00:00:00
db: VULMON, id: CVE-2017-6725, date: 2017-07-07T00:00:00
db: BID, id: 99202, date: 2017-06-21T00:00:00
db: JVNDB, id: JVNDB-2017-005317, date: 2017-07-26T00:00:00
db: CNNVD, id: CNNVD-201706-1016, date: 2017-06-29T00:00:00
db: NVD, id: CVE-2017-6725, date: 2024-11-21T03:30:23.187

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114928, date: 2017-07-04T00:00:00
db: VULMON, id: CVE-2017-6725, date: 2017-07-04T00:00:00
db: BID, id: 99202, date: 2017-06-21T00:00:00
db: JVNDB, id: JVNDB-2017-005317, date: 2017-07-26T00:00:00
db: CNNVD, id: CNNVD-201706-1016, date: 2017-06-29T00:00:00
db: NVD, id: CVE-2017-6725, date: 2017-07-04T00:29:00.757