ID

VAR-201707-0912


CVE

CVE-2017-6702


TITLE

Cross-site scripting vulnerability in the web framework of Cisco SocialMiner

Trust: 0.8

sources: JVNDB: JVNDB-2017-005312

DESCRIPTION

A vulnerability in the web framework of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCve15285. Known Affected Releases: 11.5(1). Cisco SocialMiner is a social media customer care solution. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCve15285.

Trust: 2.52

sources: NVD: CVE-2017-6702 // JVNDB: JVNDB-2017-005312 // CNVD: CNVD-2017-15831 // BID: 99205 // VULHUB: VHN-114905

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-15831

AFFECTED PRODUCTS

vendor: cisco, model: socialminer, scope: eq, version: 11.5\(1\)

Trust: 1.6

vendor: cisco, model: social miner, scope: eq, version: 11.5(1)

Trust: 0.9

vendor: cisco, model: socialminer, scope: eq, version: 11.5(1)

Trust: 0.8

sources: CNVD: CNVD-2017-15831 // BID: 99205 // JVNDB: JVNDB-2017-005312 // CNNVD: CNNVD-201706-1013 // NVD: CVE-2017-6702

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6702
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6702
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-15831
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201706-1013
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114905
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6702
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-15831
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-114905
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6702
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-15831 // VULHUB: VHN-114905 // JVNDB: JVNDB-2017-005312 // CNNVD: CNNVD-201706-1013 // NVD: CVE-2017-6702

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-114905 // JVNDB: JVNDB-2017-005312 // NVD: CVE-2017-6702

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-1013

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201706-1013

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005312

PATCH

title: cisco-sa-20170621-csm, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-csm

Trust: 0.8

title: Patch for CiscoSocialMiner Cross-Site Scripting Vulnerability (CNVD-2017-15831), url: https://www.cnvd.org.cn/patchInfo/show/98492

Trust: 0.6

title: Cisco SocialMiner Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71276

Trust: 0.6

sources: CNVD: CNVD-2017-15831 // JVNDB: JVNDB-2017-005312 // CNNVD: CNNVD-201706-1013

EXTERNAL IDS

db: NVD, id: CVE-2017-6702

Trust: 3.4

db: BID, id: 99205

Trust: 2.0

db: SECTRACK, id: 1038738

Trust: 1.1

db: JVNDB, id: JVNDB-2017-005312

Trust: 0.8

db: CNVD, id: CNVD-2017-15831

Trust: 0.6

db: NSFOCUS, id: 36951

Trust: 0.6

db: CNNVD, id: CNNVD-201706-1013

Trust: 0.6

db: VULHUB, id: VHN-114905

Trust: 0.1

sources: CNVD: CNVD-2017-15831 // VULHUB: VHN-114905 // BID: 99205 // JVNDB: JVNDB-2017-005312 // CNNVD: CNNVD-201706-1013 // NVD: CVE-2017-6702

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170621-csm

Trust: 2.6

url:http://www.securityfocus.com/bid/99205

Trust: 1.7

url:http://www.securitytracker.com/id/1038738

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6702

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6702

Trust: 0.8

url:http://www.nsfocus.net/vulndb/36951

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

url:http://www.cisco.com/en/us/products/ps11349/index.html

Trust: 0.3

sources: CNVD: CNVD-2017-15831 // VULHUB: VHN-114905 // BID: 99205 // JVNDB: JVNDB-2017-005312 // CNNVD: CNNVD-201706-1013 // NVD: CVE-2017-6702

CREDITS

Marcos Garcia

Trust: 0.9

sources: BID: 99205 // CNNVD: CNNVD-201706-1013

SOURCES

db: CNVD, id: CNVD-2017-15831
db: VULHUB, id: VHN-114905
db: BID, id: 99205
db: JVNDB, id: JVNDB-2017-005312
db: CNNVD, id: CNNVD-201706-1013
db: NVD, id: CVE-2017-6702

LAST UPDATE DATE

2024-11-23T23:02:23.143000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-15831, date: 2017-07-21T00:00:00
db: VULHUB, id: VHN-114905, date: 2017-07-07T00:00:00
db: BID, id: 99205, date: 2017-06-21T00:00:00
db: JVNDB, id: JVNDB-2017-005312, date: 2017-07-26T00:00:00
db: CNNVD, id: CNNVD-201706-1013, date: 2017-07-04T00:00:00
db: NVD, id: CVE-2017-6702, date: 2024-11-21T03:30:20.340

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-15831, date: 2017-07-21T00:00:00
db: VULHUB, id: VHN-114905, date: 2017-07-04T00:00:00
db: BID, id: 99205, date: 2017-06-21T00:00:00
db: JVNDB, id: JVNDB-2017-005312, date: 2017-07-26T00:00:00
db: CNNVD, id: CNNVD-201706-1013, date: 2017-06-29T00:00:00
db: NVD, id: CVE-2017-6702, date: 2017-07-04T00:29:00.367