ID

VAR-201707-0925


CVE

CVE-2017-6715


TITLE

Cross-site scripting vulnerability in the web framework of Cisco Firepower Management Center

Trust: 0.8

sources: JVNDB: JVNDB-2017-005305

DESCRIPTION

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. Affected Products: Cisco Firepower Management Center Releases 5.4.1.x and prior. More Information: CSCuy88951. Known Affected Releases: 5.4.1.6. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. This issue is being tracked by Cisco Bug ID CSCuy88951.

Trust: 1.98

sources: NVD: CVE-2017-6715 // JVNDB: JVNDB-2017-005305 // BID: 99209 // VULHUB: VHN-114918

AFFECTED PRODUCTS

vendor: cisco, model: secure firewall management center, scope: eq, version: 5.4.1.1

Trust: 1.0

vendor: cisco, model: secure firewall management center, scope: eq, version: 5.4.1.2

Trust: 1.0

vendor: cisco, model: secure firewall management center, scope: eq, version: 5.4.1

Trust: 1.0

vendor: cisco, model: secure firewall management center, scope: eq, version: 5.4.1.3

Trust: 1.0

vendor: cisco, model: secure firewall management center, scope: eq, version: 5.4.0

Trust: 1.0

vendor: cisco, model: secure firewall management center, scope: eq, version: 5.4.0.2

Trust: 1.0

vendor: cisco, model: secure firewall management center, scope: eq, version: 5.4.1.4

Trust: 1.0

vendor: cisco, model: secure firewall management center, scope: eq, version: 5.4.1.5

Trust: 1.0

vendor: cisco, model: secure firewall management center, scope: eq, version: 5.4.1.6

Trust: 1.0

vendor: cisco, model: firepower management center, scope: eq, version: 5.4.1.6

Trust: 0.9

vendor: cisco, model: firepower management center, scope: -, version: -

Trust: 0.8

vendor: cisco, model: firepower management center, scope: eq, version: 5.4.0

Trust: 0.6

vendor: cisco, model: firepower management center, scope: eq, version: 5.4.1.1

Trust: 0.6

vendor: cisco, model: firepower management center, scope: eq, version: 5.4.1.2

Trust: 0.6

vendor: cisco, model: firepower management center, scope: eq, version: 5.4.1.4

Trust: 0.6

vendor: cisco, model: firepower management center, scope: eq, version: 5.4.1.3

Trust: 0.6

vendor: cisco, model: firepower management center, scope: eq, version: 5.4.1

Trust: 0.6

vendor: cisco, model: firepower management center, scope: eq, version: 5.4.0.2

Trust: 0.6

vendor: cisco, model: firepower management center, scope: eq, version: 5.4.1.5

Trust: 0.6

sources: BID: 99209 // JVNDB: JVNDB-2017-005305 // CNNVD: CNNVD-201706-1009 // NVD: CVE-2017-6715

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6715
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6715
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201706-1009
value: LOW

Trust: 0.6

VULHUB: VHN-114918
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-6715
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114918
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6715
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114918 // JVNDB: JVNDB-2017-005305 // CNNVD: CNNVD-201706-1009 // NVD: CVE-2017-6715

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-114918 // JVNDB: JVNDB-2017-005305 // NVD: CVE-2017-6715

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-1009

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201706-1009

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005305

PATCH

title: cisco-sa-20170621-fmc1, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fmc1

Trust: 0.8

sources: JVNDB: JVNDB-2017-005305

EXTERNAL IDS

db: NVD, id: CVE-2017-6715

Trust: 2.8

db: BID, id: 99209

Trust: 2.0

db: JVNDB, id: JVNDB-2017-005305

Trust: 0.8

db: CNNVD, id: CNNVD-201706-1009

Trust: 0.7

db: NSFOCUS, id: 36950

Trust: 0.6

db: VULHUB, id: VHN-114918

Trust: 0.1

Trust: 0.1

sources: VULHUB: VHN-114918 // BID: 99209 // JVNDB: JVNDB-2017-005305 // CNNVD: CNNVD-201706-1009 // NVD: CVE-2017-6715

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170621-fmc1

Trust: 2.0

url:http://www.securityfocus.com/bid/99209

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6715

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6715

Trust: 0.8

url:http://www.nsfocus.net/vulndb/36950

Trust: 0.6

url:http://www.cisco.com/c/en/us/products/security/firesight-management-center/index.html

Trust: 0.3

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114918 // BID: 99209 // JVNDB: JVNDB-2017-005305 // CNNVD: CNNVD-201706-1009 // NVD: CVE-2017-6715

CREDITS

Cisco

Trust: 0.9

sources: BID: 99209 // CNNVD: CNNVD-201706-1009

SOURCES

db: VULHUB, id: VHN-114918
db: BID, id: 99209
db: JVNDB, id: JVNDB-2017-005305
db: CNNVD, id: CNNVD-201706-1009
db: NVD, id: CVE-2017-6715

LAST UPDATE DATE

2024-11-27T22:53:46.331000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114918, date: 2017-07-07T00:00:00
db: BID, id: 99209, date: 2017-06-21T00:00:00
db: JVNDB, id: JVNDB-2017-005305, date: 2017-07-26T00:00:00
db: CNNVD, id: CNNVD-201706-1009, date: 2017-07-04T00:00:00
db: NVD, id: CVE-2017-6715, date: 2024-11-26T16:09:02.407

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114918, date: 2017-07-04T00:00:00
db: BID, id: 99209, date: 2017-06-21T00:00:00
db: JVNDB, id: JVNDB-2017-005305, date: 2017-07-26T00:00:00
db: CNNVD, id: CNNVD-201706-1009, date: 2017-06-23T00:00:00
db: NVD, id: CVE-2017-6715, date: 2017-07-04T00:29:00.523