ID

VAR-201707-0906


CVE

CVE-2017-6734


TITLE

Cisco Identity Services Engine Software Web-Based scripting interface cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-005629

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest Portal. More Information: CSCvd74794. Known Affected Releases: 1.3(0.909) 2.1(0.800). An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvd74794. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies.

Trust: 1.98

sources: NVD: CVE-2017-6734 // JVNDB: JVNDB-2017-005629 // BID: 99459 // VULHUB: VHN-114937

AFFECTED PRODUCTS

vendor: cisco, model: identity services engine, scope: eq, version: 1.3(120.135)

Trust: 1.6

vendor: cisco, model: identity services engine, scope: eq, version: 2.1(0.474)

Trust: 1.6

vendor: cisco, model: identity services engine, scope: eq, version: 1.3(0.909)

Trust: 1.6

vendor: cisco, model: identity services engine, scope: eq, version: 2.1_base

Trust: 1.6

vendor: cisco, model: identity services engine, scope: eq, version: 1.3(0.722)

Trust: 1.6

vendor: cisco, model: identity services engine, scope: eq, version: 2.1(102.101)

Trust: 1.6

vendor: cisco, model: identity services engine, scope: eq, version: 1.3(0.876)

Trust: 1.6

vendor: cisco, model: identity services engine, scope: eq, version: 1.3(106.146)

Trust: 1.6

vendor: cisco, model: identity services engine, scope: eq, version: 2.1(0.800)

Trust: 1.6

vendor: cisco, model: identity services engine software, scope: -, version: -

Trust: 0.8

vendor: cisco, model: identity services engine software, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: identity services engine series appliances, scope: eq, version: 33002.1(0.800)

Trust: 0.3

vendor: cisco, model: identity services engine series appliances, scope: eq, version: 33001.3(0.909)

Trust: 0.3

sources: BID: 99459 // JVNDB: JVNDB-2017-005629 // CNNVD: CNNVD-201707-387 // NVD: CVE-2017-6734

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6734
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6734
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201707-387
value: LOW

Trust: 0.6

VULHUB: VHN-114937
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-6734
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114937
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6734
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114937 // JVNDB: JVNDB-2017-005629 // CNNVD: CNNVD-201707-387 // NVD: CVE-2017-6734

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-114937 // JVNDB: JVNDB-2017-005629 // NVD: CVE-2017-6734

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-387

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201707-387

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005629

PATCH

title: cisco-sa-20170705-ise2, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-ise2

Trust: 0.8

sources: JVNDB: JVNDB-2017-005629

EXTERNAL IDS

db: NVD, id: CVE-2017-6734

Trust: 2.8

db: BID, id: 99459

Trust: 1.4

db: SECTRACK, id: 1038823

Trust: 1.1

db: JVNDB, id: JVNDB-2017-005629

Trust: 0.8

db: CNNVD, id: CNNVD-201707-387

Trust: 0.7

db: NSFOCUS, id: 37062

Trust: 0.6

db: VULHUB, id: VHN-114937

Trust: 0.1

sources: VULHUB: VHN-114937 // BID: 99459 // JVNDB: JVNDB-2017-005629 // CNNVD: CNNVD-201707-387 // NVD: CVE-2017-6734

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170705-ise2

Trust: 2.0

url:http://www.securityfocus.com/bid/99459

Trust: 1.1

url:http://www.securitytracker.com/id/1038823

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6734

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6734

Trust: 0.8

url:http://www.nsfocus.net/vulndb/37062

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114937 // BID: 99459 // JVNDB: JVNDB-2017-005629 // CNNVD: CNNVD-201707-387 // NVD: CVE-2017-6734

CREDITS

Richard Dalton

Trust: 0.3

sources: BID: 99459

SOURCES

db: VULHUB, id: VHN-114937
db: BID, id: 99459
db: JVNDB, id: JVNDB-2017-005629
db: CNNVD, id: CNNVD-201707-387
db: NVD, id: CVE-2017-6734

LAST UPDATE DATE

2024-11-23T22:56:10.940000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114937, date: 2017-07-14T00:00:00
db: BID, id: 99459, date: 2017-07-06T00:00:00
db: JVNDB, id: JVNDB-2017-005629, date: 2017-08-02T00:00:00
db: CNNVD, id: CNNVD-201707-387, date: 2017-07-11T00:00:00
db: NVD, id: CVE-2017-6734, date: 2024-11-21T03:30:24.307

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114937, date: 2017-07-10T00:00:00
db: BID, id: 99459, date: 2017-07-06T00:00:00
db: JVNDB, id: JVNDB-2017-005629, date: 2017-08-02T00:00:00
db: CNNVD, id: CNNVD-201707-387, date: 2017-07-11T00:00:00
db: NVD, id: CVE-2017-6734, date: 2017-07-10T20:29:00.750