Details of VAR-201707-0927

ID

VAR-201707-0927

CVE

CVE-2017-6717

TITLE

Cisco Firepower Management Center of Web Cross-site scripting vulnerability in the framework

Trust: 0.8

sources: JVNDB: JVNDB-2017-005307

DESCRIPTION

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. This issue is being tracked by Cisco Bug ID CSCvc38801. The vulnerability stems from the program's insufficient validation and filtering of user-submitted input

Trust: 1.98

sources: NVD: CVE-2017-6717 // JVNDB: JVNDB-2017-005307 // BID: 99217 // VULHUB: VHN-114920

AFFECTED PRODUCTS

vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	5.4.1.2	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	5.4.1	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	5.4.1.3	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	5.4.1.9	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	6.0.1.1	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	6.0.0.1	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	5.4.1.4	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	6.2.0.2	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	6.0_base	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	5.4.1.5	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	5.4.1.6	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	6.1.0	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	5.4.1.1	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	5.4.0	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	5.4.0.2	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	6.0.1.3	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	5.4_base	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	6.2.0	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	6.0.0.0	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	6.1.0.2	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.0.1.1	Trust: 0.6
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.0.0.0	Trust: 0.6
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.4_base	Trust: 0.6
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.4.1.4	Trust: 0.6
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.4.1.3	Trust: 0.6
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.4.1.9	Trust: 0.6
vendor:	cisco	model:	firepower management center	scope:	eq	version:	5.4.0.2	Trust: 0.6
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.1.0.2	Trust: 0.6
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.1.0	Trust: 0.6
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.0.2	Trust: 0.6
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.0.1.3	Trust: 0.3
vendor:	cisco	model:	firepower management center	scope:	eq	version:	0	Trust: 0.3

sources: BID: 99217 // JVNDB: JVNDB-2017-005307 // CNNVD: CNNVD-201706-1006 // NVD: CVE-2017-6717

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6717
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-6717
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201706-1006
value:	LOW
Trust: 0.6
VULHUB:	VHN-114920
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-6717
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-114920
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6717
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-114920 // JVNDB: JVNDB-2017-005307 // CNNVD: CNNVD-201706-1006 // NVD: CVE-2017-6717

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-114920 // JVNDB: JVNDB-2017-005307 // NVD: CVE-2017-6717

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-1006

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201706-1006

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005307

PATCH

title:	cisco-sa-20170621-fpmc	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc	Trust: 0.8
title:	Cisco Firepower Management Center Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71195	Trust: 0.6

sources: JVNDB: JVNDB-2017-005307 // CNNVD: CNNVD-201706-1006

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6717	Trust: 2.8
db:	BID	id:	99217	Trust: 2.0
db:	JVNDB	id:	JVNDB-2017-005307	Trust: 0.8
db:	CNNVD	id:	CNNVD-201706-1006	Trust: 0.7
db:	NSFOCUS	id:	36948	Trust: 0.6
db:	VULHUB	id:	VHN-114920	Trust: 0.1

sources: VULHUB: VHN-114920 // BID: 99217 // JVNDB: JVNDB-2017-005307 // CNNVD: CNNVD-201706-1006 // NVD: CVE-2017-6717

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170621-fpmc	Trust: 2.0
url:	http://www.securityfocus.com/bid/99217	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6717	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6717	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/36948	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-114920 // BID: 99217 // JVNDB: JVNDB-2017-005307 // CNNVD: CNNVD-201706-1006 // NVD: CVE-2017-6717

CREDITS

Cisco

Trust: 0.9

sources: BID: 99217 // CNNVD: CNNVD-201706-1006

SOURCES

db:	VULHUB	id:	VHN-114920
db:	BID	id:	99217
db:	JVNDB	id:	JVNDB-2017-005307
db:	CNNVD	id:	CNNVD-201706-1006
db:	NVD	id:	CVE-2017-6717

LAST UPDATE DATE

2024-11-27T22:56:44.926000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-114920	date:	2017-07-07T00:00:00
db:	BID	id:	99217	date:	2017-06-21T00:00:00
db:	JVNDB	id:	JVNDB-2017-005307	date:	2017-07-26T00:00:00
db:	CNNVD	id:	CNNVD-201706-1006	date:	2017-07-04T00:00:00
db:	NVD	id:	CVE-2017-6717	date:	2024-11-26T16:09:02.407

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-114920	date:	2017-07-04T00:00:00
db:	BID	id:	99217	date:	2017-06-21T00:00:00
db:	JVNDB	id:	JVNDB-2017-005307	date:	2017-07-26T00:00:00
db:	CNNVD	id:	CNNVD-201706-1006	date:	2017-06-23T00:00:00
db:	NVD	id:	CVE-2017-6717	date:	2017-07-04T00:29:00.587