ID

VAR-201709-0656


CVE

CVE-2017-12248


TITLE

Cross-Site Scripting Vulnerability in Cisco Unified Intelligence Center Software

Trust: 0.8

sources: JVNDB: JVNDB-2017-008283

DESCRIPTION

A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to click a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76835. The vendor has released this vulnerability as Bug ID CSCve76835. Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. The platform provides functions such as report-related business data and comprehensive display of call center data.

Trust: 1.98

sources: NVD: CVE-2017-12248 // JVNDB: JVNDB-2017-008283 // BID: 100921 // VULHUB: VHN-102751

AFFECTED PRODUCTS

vendor: cisco, model: unified intelligence center, scope: eq, version: 11.5\(1\)

Trust: 1.6

vendor: cisco, model: unified intelligence center, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified intelligence center, scope: eq, version: 11.5(1)

Trust: 0.3

sources: BID: 100921 // JVNDB: JVNDB-2017-008283 // CNNVD: CNNVD-201709-1037 // NVD: CVE-2017-12248

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12248
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12248
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201709-1037
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102751
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12248
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-102751
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12248
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-102751 // JVNDB: JVNDB-2017-008283 // CNNVD: CNNVD-201709-1037 // NVD: CVE-2017-12248

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-102751 // JVNDB: JVNDB-2017-008283 // NVD: CVE-2017-12248

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-1037

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201709-1037

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008283

PATCH

title: cisco-sa-20170920-cuic, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic

Trust: 0.8

title: Cisco Unified Intelligence Center Software Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75052

Trust: 0.6

sources: JVNDB: JVNDB-2017-008283 // CNNVD: CNNVD-201709-1037

EXTERNAL IDS

db: NVD, id: CVE-2017-12248

Trust: 2.8

db: BID, id: 100921

Trust: 2.0

db: SECTRACK, id: 1039408

Trust: 1.7

db: JVNDB, id: JVNDB-2017-008283

Trust: 0.8

db: CNNVD, id: CNNVD-201709-1037

Trust: 0.7

db: VULHUB, id: VHN-102751

Trust: 0.1

sources: VULHUB: VHN-102751 // BID: 100921 // JVNDB: JVNDB-2017-008283 // CNNVD: CNNVD-201709-1037 // NVD: CVE-2017-12248

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170920-cuic

Trust: 2.0

url:http://www.securityfocus.com/bid/100921

Trust: 1.7

url:http://www.securitytracker.com/id/1039408

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12248

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12248

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-102751 // BID: 100921 // JVNDB: JVNDB-2017-008283 // CNNVD: CNNVD-201709-1037 // NVD: CVE-2017-12248

CREDITS

Cisco

Trust: 0.3

sources: BID: 100921

SOURCES

db: VULHUB, id: VHN-102751
db: BID, id: 100921
db: JVNDB, id: JVNDB-2017-008283
db: CNNVD, id: CNNVD-201709-1037
db: NVD, id: CVE-2017-12248

LAST UPDATE DATE

2024-11-23T23:02:21.661000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-102751, date: 2019-10-09T00:00:00
db: BID, id: 100921, date: 2017-09-20T00:00:00
db: JVNDB, id: JVNDB-2017-008283, date: 2017-10-13T00:00:00
db: CNNVD, id: CNNVD-201709-1037, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-12248, date: 2024-11-21T03:09:07.163

SOURCES RELEASE DATE

db: VULHUB, id: VHN-102751, date: 2017-09-21T00:00:00
db: BID, id: 100921, date: 2017-09-20T00:00:00
db: JVNDB, id: JVNDB-2017-008283, date: 2017-10-13T00:00:00
db: CNNVD, id: CNNVD-201709-1037, date: 2017-09-22T00:00:00
db: NVD, id: CVE-2017-12248, date: 2017-09-21T05:29:00.357