ID

VAR-201709-0661


CVE

CVE-2017-12254


TITLE

Cisco Unified Intelligence Center vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2017-008419

DESCRIPTION

A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76848, CSCve76856. The vendor has released this vulnerability as Bug IDs CSCve76848 and CSCve76856. Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. The platform provides functions such as report-related business data and comprehensive display of call center data.

Trust: 1.98

sources: NVD: CVE-2017-12254 // JVNDB: JVNDB-2017-008419 // BID: 100922 // VULHUB: VHN-102758

AFFECTED PRODUCTS

vendor: cisco, model: unified intelligence center, scope: eq, version: 11.5\(1\)

Trust: 1.6

vendor: cisco, model: unified intelligence center, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified intelligence center, scope: eq, version: 11.5(1)

Trust: 0.3

sources: BID: 100922 // JVNDB: JVNDB-2017-008419 // CNNVD: CNNVD-201709-1033 // NVD: CVE-2017-12254

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12254
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12254
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201709-1033
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102758
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12254
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-102758
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12254
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-102758 // JVNDB: JVNDB-2017-008419 // CNNVD: CNNVD-201709-1033 // NVD: CVE-2017-12254

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-102758 // JVNDB: JVNDB-2017-008419 // NVD: CVE-2017-12254

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-1033

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201709-1033

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008419

PATCH

title: cisco-sa-20170920-cuic2, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic2

Trust: 0.8

title: Cisco Unified Intelligence Center Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75049

Trust: 0.6

sources: JVNDB: JVNDB-2017-008419 // CNNVD: CNNVD-201709-1033

EXTERNAL IDS

db: NVD, id: CVE-2017-12254

Trust: 2.8

db: BID, id: 100922

Trust: 2.0

db: SECTRACK, id: 1039410

Trust: 1.7

db: JVNDB, id: JVNDB-2017-008419

Trust: 0.8

db: CNNVD, id: CNNVD-201709-1033

Trust: 0.7

db: VULHUB, id: VHN-102758

Trust: 0.1

sources: VULHUB: VHN-102758 // BID: 100922 // JVNDB: JVNDB-2017-008419 // CNNVD: CNNVD-201709-1033 // NVD: CVE-2017-12254

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170920-cuic2

Trust: 2.0

url: http://www.securityfocus.com/bid/100922

Trust: 1.7

url: http://www.securitytracker.com/id/1039410

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12254

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-12254

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-102758 // BID: 100922 // JVNDB: JVNDB-2017-008419 // CNNVD: CNNVD-201709-1033 // NVD: CVE-2017-12254

CREDITS

Cisco

Trust: 0.3

sources: BID: 100922

SOURCES

db: VULHUB, id: VHN-102758
db: BID, id: 100922
db: JVNDB, id: JVNDB-2017-008419
db: CNNVD, id: CNNVD-201709-1033
db: NVD, id: CVE-2017-12254

LAST UPDATE DATE

2024-11-23T23:05:19.160000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-102758, date: 2019-10-09T00:00:00
db: BID, id: 100922, date: 2017-09-20T00:00:00
db: JVNDB, id: JVNDB-2017-008419, date: 2017-10-18T00:00:00
db: CNNVD, id: CNNVD-201709-1033, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-12254, date: 2024-11-21T03:09:10.533

SOURCES RELEASE DATE

db: VULHUB, id: VHN-102758, date: 2017-09-21T00:00:00
db: BID, id: 100922, date: 2017-09-20T00:00:00
db: JVNDB, id: JVNDB-2017-008419, date: 2017-10-18T00:00:00
db: CNNVD, id: CNNVD-201709-1033, date: 2017-09-22T00:00:00
db: NVD, id: CVE-2017-12254, date: 2017-09-21T05:29:00.780