ID

VAR-201707-0905


CVE

CVE-2017-6733


TITLE

Stored cross-site scripting vulnerability in the web-based application interface of the Cisco ISE portal

Trust: 0.8

sources: JVNDB: JVNDB-2017-005628

DESCRIPTION

A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvd87482. Known Affected Releases: 2.1(102.101) 2.2(0.283) 2.3(0.151). Successful exploits will result in the execution of arbitrary attacker-supplied HTML and script code in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials or control how the page is rendered to the user. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCvd87482. The ISE platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. A remote attacker can exploit this vulnerability to execute arbitrary code by intercepting user data packets and injecting malicious code.

Trust: 2.07

sources: NVD: CVE-2017-6733 // JVNDB: JVNDB-2017-005628 // BID: 99458 // VULHUB: VHN-114936 // VULMON: CVE-2017-6733

AFFECTED PRODUCTS

vendor: cisco, model: identity services engine, scope: eq, version: 2.2\(0.283\)

Trust: 1.6

vendor: cisco, model: identity services engine, scope: eq, version: 2.3\(0.151\)

Trust: 1.6

vendor: cisco, model: identity services engine, scope: eq, version: 2.1\(102.101\)

Trust: 1.6

vendor: cisco, model: identity services engine software, scope: eq, version: 2.1(102.101)

Trust: 0.8

vendor: cisco, model: identity services engine software, scope: eq, version: 2.2(0.283)

Trust: 0.8

vendor: cisco, model: identity services engine software, scope: eq, version: 2.3(0.151)

Trust: 0.8

vendor: cisco, model: identity services engine series appliances, scope: eq, version: 33002.3(0.151)

Trust: 0.3

vendor: cisco, model: identity services engine series appliances, scope: eq, version: 33002.2(0.283)

Trust: 0.3

vendor: cisco, model: identity services engine series appliances, scope: eq, version: 33002.1(102.101)

Trust: 0.3

vendor: cisco, model: identity services engine, scope: eq, version: 0

Trust: 0.3

sources: BID: 99458 // JVNDB: JVNDB-2017-005628 // CNNVD: CNNVD-201707-388 // NVD: CVE-2017-6733

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-6733
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6733
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201707-388
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114936
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-6733
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-6733
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-114936
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-6733
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114936 // VULMON: CVE-2017-6733 // JVNDB: JVNDB-2017-005628 // CNNVD: CNNVD-201707-388 // NVD: CVE-2017-6733

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-114936 // JVNDB: JVNDB-2017-005628 // NVD: CVE-2017-6733

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-388

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201707-388

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005628

PATCH

title: cisco-sa-20170705-ise1, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-ise1

Trust: 0.8

title: Cisco Identity Services Engine Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71586

Trust: 0.6

title: Cisco: Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20170705-ise1

Trust: 0.1

sources: VULMON: CVE-2017-6733 // JVNDB: JVNDB-2017-005628 // CNNVD: CNNVD-201707-388

EXTERNAL IDS

db: NVD, id: CVE-2017-6733

Trust: 2.9

db: BID, id: 99458

Trust: 1.5

db: SECTRACK, id: 1038822

Trust: 1.2

db: JVNDB, id: JVNDB-2017-005628

Trust: 0.8

db: CNNVD, id: CNNVD-201707-388

Trust: 0.7

db: NSFOCUS, id: 37061

Trust: 0.6

db: VULHUB, id: VHN-114936

Trust: 0.1

db: VULMON, id: CVE-2017-6733

Trust: 0.1

sources: VULHUB: VHN-114936 // VULMON: CVE-2017-6733 // BID: 99458 // JVNDB: JVNDB-2017-005628 // CNNVD: CNNVD-201707-388 // NVD: CVE-2017-6733

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170705-ise1

Trust: 2.2

url: http://www.securityfocus.com/bid/99458

Trust: 1.3

url: http://www.securitytracker.com/id/1038822

Trust: 1.2

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6733

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-6733

Trust: 0.8

url: http://www.nsfocus.net/vulndb/37061

Trust: 0.6

url: http://www.cisco.com/

Trust: 0.3

url: https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-114936 // VULMON: CVE-2017-6733 // BID: 99458 // JVNDB: JVNDB-2017-005628 // CNNVD: CNNVD-201707-388 // NVD: CVE-2017-6733

CREDITS

Cisco.

Trust: 0.3

sources: BID: 99458

SOURCES

db: VULHUB, id: VHN-114936
db: VULMON, id: CVE-2017-6733
db: BID, id: 99458
db: JVNDB, id: JVNDB-2017-005628
db: CNNVD, id: CNNVD-201707-388
db: NVD, id: CVE-2017-6733

LAST UPDATE DATE

2024-11-23T22:49:00.996000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114936, date: 2017-07-16T00:00:00
db: VULMON, id: CVE-2017-6733, date: 2017-07-16T00:00:00
db: BID, id: 99458, date: 2017-07-05T00:00:00
db: JVNDB, id: JVNDB-2017-005628, date: 2017-08-02T00:00:00
db: CNNVD, id: CNNVD-201707-388, date: 2017-07-11T00:00:00
db: NVD, id: CVE-2017-6733, date: 2024-11-21T03:30:24.193

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114936, date: 2017-07-10T00:00:00
db: VULMON, id: CVE-2017-6733, date: 2017-07-10T00:00:00
db: BID, id: 99458, date: 2017-07-05T00:00:00
db: JVNDB, id: JVNDB-2017-005628, date: 2017-08-02T00:00:00
db: CNNVD, id: CNNVD-201707-388, date: 2017-07-11T00:00:00
db: NVD, id: CVE-2017-6733, date: 2017-07-10T20:29:00.703