Details of VAR-201709-0679

ID

VAR-201709-0679

CVE

CVE-2017-12216

TITLE

Cisco SocialMiner In XML External entity vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-007982

DESCRIPTION

A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files and execute remote code within the application. Cisco Bug IDs: CSCvf47946. Vendors have confirmed this vulnerability Bug ID CSCvf47946 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Attackers can exploit this issue to execute arbitrary code, gain access to sensitive information or cause denial-of-service conditions. Cisco SocialMiner is a set of social media call center solutions from Cisco. The solution supports social media monitoring and analysis capabilities

Trust: 1.98

sources: NVD: CVE-2017-12216 // JVNDB: JVNDB-2017-007982 // BID: 100664 // VULHUB: VHN-102716

AFFECTED PRODUCTS

vendor:	cisco	model:	socialminer	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	socialminer	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	socialminer	scope:	eq	version:	11.6(1)	Trust: 0.3

sources: BID: 100664 // JVNDB: JVNDB-2017-007982 // CNNVD: CNNVD-201709-231 // NVD: CVE-2017-12216

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12216
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-12216
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201709-231
value:	HIGH
Trust: 0.6
VULHUB:	VHN-102716
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-12216
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-102716
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12216
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-102716 // JVNDB: JVNDB-2017-007982 // CNNVD: CNNVD-201709-231 // NVD: CVE-2017-12216

PROBLEMTYPE DATA

problemtype:	CWE-611	Trust: 1.9
problemtype:	CWE-200	Trust: 1.0

sources: VULHUB: VHN-102716 // JVNDB: JVNDB-2017-007982 // NVD: CVE-2017-12216

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-231

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201709-231

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007982

PATCH

title:	cisco-sa-20170906-socmin	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-socmin	Trust: 0.8
title:	Cisco SocialMiner Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74585	Trust: 0.6

sources: JVNDB: JVNDB-2017-007982 // CNNVD: CNNVD-201709-231

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12216	Trust: 2.8
db:	BID	id:	100664	Trust: 2.0
db:	SECTRACK	id:	1039274	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-007982	Trust: 0.8
db:	CNNVD	id:	CNNVD-201709-231	Trust: 0.7
db:	VULHUB	id:	VHN-102716	Trust: 0.1

sources: VULHUB: VHN-102716 // BID: 100664 // JVNDB: JVNDB-2017-007982 // CNNVD: CNNVD-201709-231 // NVD: CVE-2017-12216

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170906-socmin	Trust: 2.0
url:	http://www.securityfocus.com/bid/100664	Trust: 1.7
url:	http://www.securitytracker.com/id/1039274	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12216	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12216	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-102716 // BID: 100664 // JVNDB: JVNDB-2017-007982 // CNNVD: CNNVD-201709-231 // NVD: CVE-2017-12216

CREDITS

Pawel Gocyla

Trust: 0.3

sources: BID: 100664

SOURCES

db:	VULHUB	id:	VHN-102716
db:	BID	id:	100664
db:	JVNDB	id:	JVNDB-2017-007982
db:	CNNVD	id:	CNNVD-201709-231
db:	NVD	id:	CVE-2017-12216

LAST UPDATE DATE

2024-11-23T22:34:29.721000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-102716	date:	2019-10-09T00:00:00
db:	BID	id:	100664	date:	2017-09-06T00:00:00
db:	JVNDB	id:	JVNDB-2017-007982	date:	2017-10-05T00:00:00
db:	CNNVD	id:	CNNVD-201709-231	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12216	date:	2024-11-21T03:09:03.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-102716	date:	2017-09-07T00:00:00
db:	BID	id:	100664	date:	2017-09-06T00:00:00
db:	JVNDB	id:	JVNDB-2017-007982	date:	2017-10-05T00:00:00
db:	CNNVD	id:	CNNVD-201709-231	date:	2017-09-08T00:00:00
db:	NVD	id:	CVE-2017-12216	date:	2017-09-07T21:29:00.347