ID

VAR-201709-1082


CVE

CVE-2017-6789


TITLE

Cisco Unified Intelligence Center Web Interface cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-007829

DESCRIPTION

A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The vulnerability occurs because user-supplied data in the DOM input is not validated. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious DOM statements to the affected system. A successful exploit could allow the attacker to affect the integrity of the system by manipulating the database. Known Affected Releases: 11.0(1)ES10. Cisco Bug IDs: CSCvf18325. The vendor has confirmed this vulnerability and released it as Bug ID CSCvf18325. Information may be obtained and information may be altered. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. The platform provides functions such as report-related business data and comprehensive display of call center data.

Trust: 1.98

sources: NVD: CVE-2017-6789 // JVNDB: JVNDB-2017-007829 // BID: 100646 // VULHUB: VHN-114992

AFFECTED PRODUCTS

vendor: cisco // model: unified intelligence center // scope: eq // version: 11.0\(1\)es10

Trust: 1.6

vendor: cisco // model: unified intelligence center // scope: eq // version: 11.0(1)es10

Trust: 0.8

vendor: cisco // model: unified intelligence center 11.0 es10 // scope: - // version: -

Trust: 0.3

sources: BID: 100646 // JVNDB: JVNDB-2017-007829 // CNNVD: CNNVD-201709-219 // NVD: CVE-2017-6789

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6789
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6789
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201709-219
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114992
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6789
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114992
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6789
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114992 // JVNDB: JVNDB-2017-007829 // CNNVD: CNNVD-201709-219 // NVD: CVE-2017-6789

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-114992 // JVNDB: JVNDB-2017-007829 // NVD: CVE-2017-6789

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-219

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201709-219

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007829

PATCH

title: CSCvf18325 - Open redirection (DOM-based) // url: https://quickview.cloudapps.cisco.com/quickview/bug/CSCvf18325

Trust: 0.8

title: cisco-sa-20170906-cuic // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cuic

Trust: 0.8

title: Cisco Unified Intelligence Center Fixes for cross-site scripting vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74575

Trust: 0.6

sources: JVNDB: JVNDB-2017-007829 // CNNVD: CNNVD-201709-219

EXTERNAL IDS

db: NVD // id: CVE-2017-6789

Trust: 2.8

db: BID // id: 100646

Trust: 2.0

db: SECTRACK // id: 1039278

Trust: 1.7

db: JVNDB // id: JVNDB-2017-007829

Trust: 0.8

db: CNNVD // id: CNNVD-201709-219

Trust: 0.7

db: VULHUB // id: VHN-114992

Trust: 0.1

sources: VULHUB: VHN-114992 // BID: 100646 // JVNDB: JVNDB-2017-007829 // CNNVD: CNNVD-201709-219 // NVD: CVE-2017-6789

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170906-cuic

Trust: 2.0

url: http://www.securityfocus.com/bid/100646

Trust: 1.7

url: https://quickview.cloudapps.cisco.com/quickview/bug/cscvf18325

Trust: 1.7

url: http://www.securitytracker.com/id/1039278

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6789

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-6789

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114992 // BID: 100646 // JVNDB: JVNDB-2017-007829 // CNNVD: CNNVD-201709-219 // NVD: CVE-2017-6789

CREDITS

Cisco

Trust: 0.3

sources: BID: 100646

SOURCES

db: VULHUB // id: VHN-114992
db: BID // id: 100646
db: JVNDB // id: JVNDB-2017-007829
db: CNNVD // id: CNNVD-201709-219
db: NVD // id: CVE-2017-6789

LAST UPDATE DATE

2024-11-23T22:12:50.779000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-114992 // date: 2019-10-09T00:00:00
db: BID // id: 100646 // date: 2017-09-06T00:00:00
db: JVNDB // id: JVNDB-2017-007829 // date: 2017-10-03T00:00:00
db: CNNVD // id: CNNVD-201709-219 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2017-6789 // date: 2024-11-21T03:30:31.913

SOURCES RELEASE DATE

db: VULHUB // id: VHN-114992 // date: 2017-09-07T00:00:00
db: BID // id: 100646 // date: 2017-09-06T00:00:00
db: JVNDB // id: JVNDB-2017-007829 // date: 2017-10-03T00:00:00
db: CNNVD // id: CNNVD-201709-219 // date: 2017-09-12T00:00:00
db: NVD // id: CVE-2017-6789 // date: 2017-09-07T21:29:00.770