ID

VAR-201708-1359


CVE

CVE-2017-6769


TITLE

Cross-site scripting vulnerability in Cisco Secure Access Control System

Trust: 0.8

sources: JVNDB: JVNDB-2017-006809

DESCRIPTION

A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCve70587. Known Affected Releases: 5.8(0.8), 5.8(1.5). The vendor has confirmed this vulnerability and released it as Bug ID CSCve70587. Information may be obtained and information may be altered. Successful exploits will result in the execution of arbitrary attacker-supplied HTML and script code in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials or control how the page is rendered to the user. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCve70587. The system can control network access and network device access through the RADIUS and TACACS protocols, respectively.

Trust: 1.98

sources: NVD: CVE-2017-6769 // JVNDB: JVNDB-2017-006809 // BID: 99985 // VULHUB: VHN-114972

AFFECTED PRODUCTS

vendor: cisco, model: secure access control system, scope: eq, version: 5.8(0.8)

Trust: 1.6

vendor: cisco, model: secure access control system, scope: eq, version: 5.8(1.5)

Trust: 1.6

vendor: cisco, model: secure access control system software, scope: eq, version: 5.8(0.8)

Trust: 0.8

vendor: cisco, model: secure access control system software, scope: eq, version: 5.8(1.5)

Trust: 0.8

vendor: cisco, model: secure access control system, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: secure access control server solution engine, scope: eq, version: 5.8(1.5)

Trust: 0.3

vendor: cisco, model: secure access control server solution engine, scope: eq, version: 5.8(0.8)

Trust: 0.3

sources: BID: 99985 // JVNDB: JVNDB-2017-006809 // CNNVD: CNNVD-201707-1423 // NVD: CVE-2017-6769

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-6769
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6769
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201707-1423
value: LOW

Trust: 0.6

VULHUB: VHN-114972
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-6769
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114972
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-6769
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114972 // JVNDB: JVNDB-2017-006809 // CNNVD: CNNVD-201707-1423 // NVD: CVE-2017-6769

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-114972 // JVNDB: JVNDB-2017-006809 // NVD: CVE-2017-6769

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-1423

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201707-1423

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006809

PATCH

title: cisco-sa-20170726-acs, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170726-acs

Trust: 0.8

title: Cisco Secure Access Control System Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72179

Trust: 0.6

sources: JVNDB: JVNDB-2017-006809 // CNNVD: CNNVD-201707-1423

EXTERNAL IDS

db: NVD, id: CVE-2017-6769

Trust: 2.8

db: BID, id: 99985

Trust: 2.0

db: SECTRACK, id: 1038996

Trust: 1.1

db: JVNDB, id: JVNDB-2017-006809

Trust: 0.8

db: NSFOCUS, id: 37270

Trust: 0.6

db: CNNVD, id: CNNVD-201707-1423

Trust: 0.6

db: VULHUB, id: VHN-114972

Trust: 0.1

sources: VULHUB: VHN-114972 // BID: 99985 // JVNDB: JVNDB-2017-006809 // CNNVD: CNNVD-201707-1423 // NVD: CVE-2017-6769

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170726-acs

Trust: 2.0

url: http://www.securityfocus.com/bid/99985

Trust: 1.7

url: http://www.securitytracker.com/id/1038996

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6769

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-6769

Trust: 0.8

url: http://www.nsfocus.net/vulndb/37270

Trust: 0.6

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114972 // BID: 99985 // JVNDB: JVNDB-2017-006809 // CNNVD: CNNVD-201707-1423 // NVD: CVE-2017-6769

CREDITS

Mikhail Klyuchnikov from Positive Technologies.

Trust: 0.9

sources: BID: 99985 // CNNVD: CNNVD-201707-1423

SOURCES

db: VULHUB, id: VHN-114972
db: BID, id: 99985
db: JVNDB, id: JVNDB-2017-006809
db: CNNVD, id: CNNVD-201707-1423
db: NVD, id: CVE-2017-6769

LAST UPDATE DATE

2024-11-23T23:08:56.396000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114972, date: 2017-08-10T00:00:00
db: BID, id: 99985, date: 2017-07-26T00:00:00
db: JVNDB, id: JVNDB-2017-006809, date: 2017-09-04T00:00:00
db: CNNVD, id: CNNVD-201707-1423, date: 2017-07-31T00:00:00
db: NVD, id: CVE-2017-6769, date: 2024-11-21T03:30:29.007

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114972, date: 2017-08-07T00:00:00
db: BID, id: 99985, date: 2017-07-26T00:00:00
db: JVNDB, id: JVNDB-2017-006809, date: 2017-09-04T00:00:00
db: CNNVD, id: CNNVD-201707-1423, date: 2017-07-31T00:00:00
db: NVD, id: CVE-2017-6769, date: 2017-08-07T06:29:00.760