ID

VAR-201709-0690


CVE

CVE-2017-12227


TITLE

SQL Injection Vulnerability in Cisco Emergency Responder

Trust: 0.8

sources: JVNDB: JVNDB-2017-007842

DESCRIPTION

A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCvb58973. The vendor has confirmed this vulnerability and released it as Bug ID CSCvb58973. Information may be obtained and information may be altered. The software provides features such as real-time location tracking database and caller's location

Trust: 1.98

sources: NVD: CVE-2017-12227 // JVNDB: JVNDB-2017-007842 // BID: 100653 // VULHUB: VHN-102728

AFFECTED PRODUCTS

vendor: cisco, model: emergency responder, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: emergency responder software, scope: -, version: -

Trust: 0.8

vendor: cisco, model: emergency responder, scope: eq, version: 11.5(2.20000.6)

Trust: 0.3

sources: BID: 100653 // JVNDB: JVNDB-2017-007842 // CNNVD: CNNVD-201709-223 // NVD: CVE-2017-12227

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12227
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12227
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201709-223
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102728
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12227
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-102728
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12227
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-102728 // JVNDB: JVNDB-2017-007842 // CNNVD: CNNVD-201709-223 // NVD: CVE-2017-12227

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-102728 // JVNDB: JVNDB-2017-007842 // NVD: CVE-2017-12227

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-223

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201709-223

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007842

PATCH

title: cisco-sa-20170906-cer, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cer

Trust: 0.8

title: Repair measures for the Cisco Emergency Responder SQL injection vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74578

Trust: 0.6

sources: JVNDB: JVNDB-2017-007842 // CNNVD: CNNVD-201709-223

EXTERNAL IDS

db: NVD, id: CVE-2017-12227

Trust: 2.8

db: BID, id: 100653

Trust: 2.0

db: SECTRACK, id: 1039287

Trust: 1.7

db: JVNDB, id: JVNDB-2017-007842

Trust: 0.8

db: CNNVD, id: CNNVD-201709-223

Trust: 0.7

db: VULHUB, id: VHN-102728

Trust: 0.1

sources: VULHUB: VHN-102728 // BID: 100653 // JVNDB: JVNDB-2017-007842 // CNNVD: CNNVD-201709-223 // NVD: CVE-2017-12227

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170906-cer

Trust: 2.0

url:http://www.securityfocus.com/bid/100653

Trust: 1.7

url:http://www.securitytracker.com/id/1039287

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12227

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12227

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-102728 // BID: 100653 // JVNDB: JVNDB-2017-007842 // CNNVD: CNNVD-201709-223 // NVD: CVE-2017-12227

CREDITS

Cisco

Trust: 0.3

sources: BID: 100653

SOURCES

db: VULHUB, id: VHN-102728
db: BID, id: 100653
db: JVNDB, id: JVNDB-2017-007842
db: CNNVD, id: CNNVD-201709-223
db: NVD, id: CVE-2017-12227

LAST UPDATE DATE

2024-11-23T22:56:05.359000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-102728, date: 2019-10-09T00:00:00
db: BID, id: 100653, date: 2017-09-06T00:00:00
db: JVNDB, id: JVNDB-2017-007842, date: 2017-10-03T00:00:00
db: CNNVD, id: CNNVD-201709-223, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-12227, date: 2024-11-21T03:09:04.630

SOURCES RELEASE DATE

db: VULHUB, id: VHN-102728, date: 2017-09-07T00:00:00
db: BID, id: 100653, date: 2017-09-06T00:00:00
db: JVNDB, id: JVNDB-2017-007842, date: 2017-10-03T00:00:00
db: CNNVD, id: CNNVD-201709-223, date: 2017-09-11T00:00:00
db: NVD, id: CVE-2017-12227, date: 2017-09-07T21:29:00.630