ID

VAR-201707-0978


CVE

CVE-2017-6605


TITLE

Reflective cross-site scripting vulnerability in the web-based management interface of Cisco Identity Services Engine

Trust: 0.8

sources: JVNDB: JVNDB-2017-005298

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a reflective cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc85415. Known Affected Releases: 2.1(0.800). An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvc85415. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies.

Trust: 1.98

sources: NVD: CVE-2017-6605 // JVNDB: JVNDB-2017-005298 // BID: 99207 // VULHUB: VHN-114808

AFFECTED PRODUCTS

vendor: cisco, model: identity services engine, scope: eq, version: 2.1(0.800)

Trust: 1.6

vendor: cisco, model: identity services engine software, scope: eq, version: 2.1(0.800)

Trust: 0.8

vendor: cisco, model: identity services engine series appliances, scope: eq, version: 33002.1(0.800)

Trust: 0.3

vendor: cisco, model: identity services engine, scope: eq, version: 0

Trust: 0.3

sources: BID: 99207 // JVNDB: JVNDB-2017-005298 // CNNVD: CNNVD-201706-1011 // NVD: CVE-2017-6605

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6605
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6605
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201706-1011
value: LOW

Trust: 0.6

VULHUB: VHN-114808
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-6605
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114808
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6605
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114808 // JVNDB: JVNDB-2017-005298 // CNNVD: CNNVD-201706-1011 // NVD: CVE-2017-6605

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-114808 // JVNDB: JVNDB-2017-005298 // NVD: CVE-2017-6605

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-1011

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201706-1011

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005298

PATCH

title: cisco-sa-20170621-ise1, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ise1

Trust: 0.8

title: Cisco Identity Services Engine Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71274

Trust: 0.6

sources: JVNDB: JVNDB-2017-005298 // CNNVD: CNNVD-201706-1011

EXTERNAL IDS

db: NVD, id: CVE-2017-6605

Trust: 2.8

db: BID, id: 99207

Trust: 2.0

db: SECTRACK, id: 1038740

Trust: 1.1

db: JVNDB, id: JVNDB-2017-005298

Trust: 0.8

db: CNNVD, id: CNNVD-201706-1011

Trust: 0.7

db: NSFOCUS, id: 36955

Trust: 0.6

db: VULHUB, id: VHN-114808

Trust: 0.1

sources: VULHUB: VHN-114808 // BID: 99207 // JVNDB: JVNDB-2017-005298 // CNNVD: CNNVD-201706-1011 // NVD: CVE-2017-6605

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170621-ise1

Trust: 2.0

url:http://www.securityfocus.com/bid/99207

Trust: 1.7

url:http://www.securitytracker.com/id/1038740

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6605

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6605

Trust: 0.8

url:http://www.nsfocus.net/vulndb/36955

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114808 // BID: 99207 // JVNDB: JVNDB-2017-005298 // CNNVD: CNNVD-201706-1011 // NVD: CVE-2017-6605

CREDITS

Juan Avila from Arthrocyber

Trust: 0.9

sources: BID: 99207 // CNNVD: CNNVD-201706-1011

SOURCES

db: VULHUB, id: VHN-114808
db: BID, id: 99207
db: JVNDB, id: JVNDB-2017-005298
db: CNNVD, id: CNNVD-201706-1011
db: NVD, id: CVE-2017-6605

LAST UPDATE DATE

2024-11-23T22:12:57.751000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114808, date: 2017-07-07T00:00:00
db: BID, id: 99207, date: 2017-06-21T00:00:00
db: JVNDB, id: JVNDB-2017-005298, date: 2017-07-26T00:00:00
db: CNNVD, id: CNNVD-201706-1011, date: 2017-06-29T00:00:00
db: NVD, id: CVE-2017-6605, date: 2024-11-21T03:30:06.230

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114808, date: 2017-07-04T00:00:00
db: BID, id: 99207, date: 2017-06-21T00:00:00
db: JVNDB, id: JVNDB-2017-005298, date: 2017-07-26T00:00:00
db: CNNVD, id: CNNVD-201706-1011, date: 2017-06-29T00:00:00
db: NVD, id: CVE-2017-6605, date: 2017-07-04T00:29:00.227