ID

VAR-201708-1336


CVE

CVE-2017-6782


TITLE

Cisco Prime Infrastructure Code injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-007254

DESCRIPTION

A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. The vulnerability is due to improper sanitization of parameter values by the affected application. An attacker could exploit this vulnerability by injecting malicious code into an affected parameter and persuading a user to access a web page that triggers the rendering of the injected code. Cisco Bug IDs: CSCve47074. Known Affected Releases: 3.2(0.0). Cisco Prime Infrastructure contains a code injection vulnerability. The vendor has confirmed this vulnerability and released it as Bug ID CSCve47074. Information may be obtained and information may be altered. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.

Trust: 1.98

sources: NVD: CVE-2017-6782 // JVNDB: JVNDB-2017-007254 // BID: 100366 // VULHUB: VHN-114985

AFFECTED PRODUCTS

vendor: cisco // model: prime infrastructure // scope: eq // version: 3.2\(0.0\)

Trust: 1.6

vendor: cisco // model: prime infrastructure // scope: - // version: -

Trust: 0.8

vendor: cisco // model: prime infrastructure // scope: eq // version: 3.2(0.0)

Trust: 0.3

sources: BID: 100366 // JVNDB: JVNDB-2017-007254 // CNNVD: CNNVD-201708-719 // NVD: CVE-2017-6782

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-6782
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6782
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201708-719
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114985
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-6782
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114985
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-6782
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114985 // JVNDB: JVNDB-2017-007254 // CNNVD: CNNVD-201708-719 // NVD: CVE-2017-6782

PROBLEMTYPE DATA

problemtype: CWE-94

Trust: 1.9

sources: VULHUB: VHN-114985 // JVNDB: JVNDB-2017-007254 // NVD: CVE-2017-6782

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-719

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201708-719

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007254

PATCH

title: cisco-sa-20170816-cpi // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cpi

Trust: 0.8

title: Cisco Prime Infrastructure Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74070

Trust: 0.6

sources: JVNDB: JVNDB-2017-007254 // CNNVD: CNNVD-201708-719

EXTERNAL IDS

db: NVD // id: CVE-2017-6782

Trust: 2.8

db: BID // id: 100366

Trust: 2.0

db: SECTRACK // id: 1039189

Trust: 1.1

db: JVNDB // id: JVNDB-2017-007254

Trust: 0.8

db: CNNVD // id: CNNVD-201708-719

Trust: 0.7

db: NSFOCUS // id: 37431

Trust: 0.6

db: VULHUB // id: VHN-114985

Trust: 0.1

sources: VULHUB: VHN-114985 // BID: 100366 // JVNDB: JVNDB-2017-007254 // CNNVD: CNNVD-201708-719 // NVD: CVE-2017-6782

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170816-cpi

Trust: 2.0

url:http://www.securityfocus.com/bid/100366

Trust: 1.7

url:http://www.securitytracker.com/id/1039189

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6782

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6782

Trust: 0.8

url:http://www.nsfocus.net/vulndb/37431

Trust: 0.6

url:http://www.cisco.com/c/en/us/products/cloud-systems-management/prime-infrastructure/index.html

Trust: 0.3

sources: VULHUB: VHN-114985 // BID: 100366 // JVNDB: JVNDB-2017-007254 // CNNVD: CNNVD-201708-719 // NVD: CVE-2017-6782

CREDITS

Cisco

Trust: 0.9

sources: BID: 100366 // CNNVD: CNNVD-201708-719

SOURCES

db: VULHUB // id: VHN-114985
db: BID // id: 100366
db: JVNDB // id: JVNDB-2017-007254
db: CNNVD // id: CNNVD-201708-719
db: NVD // id: CVE-2017-6782

LAST UPDATE DATE

2024-11-23T22:26:42.401000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-114985 // date: 2017-08-25T00:00:00
db: BID // id: 100366 // date: 2017-08-16T00:00:00
db: JVNDB // id: JVNDB-2017-007254 // date: 2017-09-14T00:00:00
db: CNNVD // id: CNNVD-201708-719 // date: 2017-08-17T00:00:00
db: NVD // id: CVE-2017-6782 // date: 2024-11-21T03:30:31.100

SOURCES RELEASE DATE

db: VULHUB // id: VHN-114985 // date: 2017-08-17T00:00:00
db: BID // id: 100366 // date: 2017-08-16T00:00:00
db: JVNDB // id: JVNDB-2017-007254 // date: 2017-09-14T00:00:00
db: CNNVD // id: CNNVD-201708-719 // date: 2017-08-17T00:00:00
db: NVD // id: CVE-2017-6782 // date: 2017-08-17T20:29:00.760