Details of VAR-201801-0345

ID

VAR-201801-0345

CVE

CVE-2017-12308

TITLE

Cisco Small Business 300 Series and 500 In series managed switch software HTTP Response splitting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012150

DESCRIPTION

A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco Small Business 300 and 500 Series Managed Switches: Cisco 350 Series Managed Switches, Cisco 350X Series Stackable Managed Switches, Cisco 550X Series Stackable Managed Switches, Cisco ESW2 Series Advanced Switches, Cisco Small Business 300 Series Managed Switches, Cisco Small Business 500 Series Stackable Managed Switches. Cisco Bug IDs: CSCvg29980. Vendors have confirmed this vulnerability Bug ID CSCvg29980 It is released as.Information may be obtained and information may be altered. Attackers can leverage these issues to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust. are all switching devices of Cisco (Cisco)

Trust: 2.07

sources: NVD: CVE-2017-12308 // JVNDB: JVNDB-2017-012150 // BID: 102733 // VULHUB: VHN-102817 // VULMON: CVE-2017-12308

AFFECTED PRODUCTS

vendor:	cisco	model:	sg350xg-2f10	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sf302-08mp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sf550x-24p	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg550x-48mp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf500-24p	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf550x-24p	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	esw2-350g-52dc	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg300-10sfp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg300-52p	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg500-52p	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg300-10sfp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf500-48	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	esw2-550x-48	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sf500-48	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg350x-24mp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sx550x-24ft	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg500x-24p	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sf300-24	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg550x-48p	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg350x-24mp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg500-28mpp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sf300-24pp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg300-52	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg500-28mpp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg300-52mp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg500x-48p	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg550x-24mpp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg300-10	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	esw2-350g-52	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg300-20	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg500x-48p	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg350x-48	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg300-10	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg355-10p	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg500x-48	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf302-08pp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg355-10p	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sx550x-52	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg500-52	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sf300-08	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg350xg-24f	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg350x-48p	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg300-28mp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf300-48p	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg550x-24	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf300-08	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg350x-48p	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg300-10p	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf302-08mpp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sx550x-24f	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg300-10pp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg350-28	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sx550x-16ft	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg350x-24	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf500-24	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg300-10pp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sx550x-16ft	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf500-24	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg500x-24	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sf300-24pp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg300-52p	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg500x-24	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg550x-48	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf550x-24	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg300-10mp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg500-28	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg500-52p	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg350-10	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg300-28pp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sf300-24p	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg300-28	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg350-10	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg300-28pp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf300-24p	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg300-28	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	esw2-550x-48dc	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf300-24	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sx550x-12f	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg350-10mp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sx550x-12f	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg350-10mp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg550x-24mpp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg350xg-24f	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg300-20	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg550x-24	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg500x-48	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg300-10p	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sx550x-52	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sf300-24mp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sf300-24mp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg300-28mp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg500-52mp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg350-10p	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg500-52mp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg350-10p	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg350x-24p	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sf550x-48mp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg300-28p	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sx550x-24	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf550x-48mp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf350-48mp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg300-10mp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg300-28p	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf500-24p	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sf350-48mp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg350x-24p	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf300-48	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg550x-48	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg500-28	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg500-28p	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg500x-24p	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf550x-24	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf300-48	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg500-28p	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg550x-24mp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg350xg-24t	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sf550x-24mp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	esw2-550x-48dc	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg500xg-8f8t	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg500xg-8f8t	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf302-08p	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg350xg-24t	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf300-48p	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg500-52	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf550x-48	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf500-48p	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sf350-48	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sx550x-24f	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sx550x-24	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sf500-48p	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf350-48	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg350xg-2f10	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	esw2-350g-52dc	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf302-08	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg350xg-48t	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sf302-08mp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	esw2-550x-48	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sx550x-24ft	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg350-28mp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg350x-24	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg550x-48p	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg350-28mp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf300-48pp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg300-52	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg350xg-48t	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg300-52mp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg350x-48	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf302-08pp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sf300-48pp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg550x-24mp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf550x-24mp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg550x-24p	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg350x-48mp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg550x-24p	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf302-08p	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	esw2-350g-52	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg350x-48mp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg350-28p	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sf550x-48p	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sf350-48p	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sf302-08mpp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg350-28p	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf302-08	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sf550x-48p	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf350-48p	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sf550x-48	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg300-10mpp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg350-28	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	sg550x-48mp	scope:	lt	version:	1.4.9.4	Trust: 1.0
vendor:	cisco	model:	sg300-10mpp	scope:	gte	version:	1.4.7.0	Trust: 1.0
vendor:	cisco	model:	350 series managed switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	350x series stackable managed switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	550x series stackable managed switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	esw2 series expansion switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	small business 300 series managed switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	small business 500 series stackable managed switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	small business 350 series managed switches	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	small business 500 series stackable managed switches	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	esw2 series advanced switches	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	small business 550x series stackable managed switches	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	small business 350x series stackable managed switches	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	small business 300 series managed switches	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	small business series stackable managed switch	scope:	eq	version:	5000	Trust: 0.3
vendor:	cisco	model:	small business series managed switches	scope:	eq	version:	3001.4.7	Trust: 0.3
vendor:	cisco	model:	small business series managed switch	scope:	eq	version:	3000	Trust: 0.3
vendor:	cisco	model:	small business series	scope:	eq	version:	3000	Trust: 0.3
vendor:	cisco	model:	esw2 series advanced switches	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	series stackable managed switches	scope:	eq	version:	550x0	Trust: 0.3
vendor:	cisco	model:	series stackable managed switches	scope:	eq	version:	350x0	Trust: 0.3
vendor:	cisco	model:	series managed switches	scope:	eq	version:	3500	Trust: 0.3

sources: BID: 102733 // JVNDB: JVNDB-2017-012150 // CNNVD: CNNVD-201801-633 // NVD: CVE-2017-12308

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12308
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-12308
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201801-633
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-102817
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-12308
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-12308
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-102817
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12308
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	CVE-2017-12308
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-102817 // VULMON: CVE-2017-12308 // JVNDB: JVNDB-2017-012150 // CNNVD: CNNVD-201801-633 // NVD: CVE-2017-12308

PROBLEMTYPE DATA

problemtype:	CWE-113	Trust: 1.9
problemtype:	NVD-CWE-Other	Trust: 1.0

sources: VULHUB: VHN-102817 // JVNDB: JVNDB-2017-012150 // NVD: CVE-2017-12308

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-633

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201801-633

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012150

PATCH

title:	cisco-sa-20180117-300-500-smb2	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-300-500-smb2	Trust: 0.8
title:	Cisco: Cisco Small Business 300 and 500 Series Managed Switches HTTP Response Splitting Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180117-300-500-smb2	Trust: 0.1

sources: VULMON: CVE-2017-12308 // JVNDB: JVNDB-2017-012150

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12308	Trust: 2.9
db:	JVNDB	id:	JVNDB-2017-012150	Trust: 0.8
db:	CNNVD	id:	CNNVD-201801-633	Trust: 0.7
db:	BID	id:	102733	Trust: 0.5
db:	VULHUB	id:	VHN-102817	Trust: 0.1
db:	VULMON	id:	CVE-2017-12308	Trust: 0.1

sources: VULHUB: VHN-102817 // VULMON: CVE-2017-12308 // BID: 102733 // JVNDB: JVNDB-2017-012150 // CNNVD: CNNVD-201801-633 // NVD: CVE-2017-12308

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180117-300-500-smb2	Trust: 2.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12308	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12308	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/102733	Trust: 0.1

sources: VULHUB: VHN-102817 // VULMON: CVE-2017-12308 // BID: 102733 // JVNDB: JVNDB-2017-012150 // CNNVD: CNNVD-201801-633 // NVD: CVE-2017-12308

CREDITS

Nicholas Lim

Trust: 0.3

sources: BID: 102733

SOURCES

db:	VULHUB	id:	VHN-102817
db:	VULMON	id:	CVE-2017-12308
db:	BID	id:	102733
db:	JVNDB	id:	JVNDB-2017-012150
db:	CNNVD	id:	CNNVD-201801-633
db:	NVD	id:	CVE-2017-12308

LAST UPDATE DATE

2024-11-23T22:42:00.106000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-102817	date:	2020-09-04T00:00:00
db:	VULMON	id:	CVE-2017-12308	date:	2020-09-04T00:00:00
db:	BID	id:	102733	date:	2018-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-012150	date:	2018-02-22T00:00:00
db:	CNNVD	id:	CNNVD-201801-633	date:	2020-09-07T00:00:00
db:	NVD	id:	CVE-2017-12308	date:	2024-11-21T03:09:16.797

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-102817	date:	2018-01-18T00:00:00
db:	VULMON	id:	CVE-2017-12308	date:	2018-01-18T00:00:00
db:	BID	id:	102733	date:	2018-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-012150	date:	2018-02-22T00:00:00
db:	CNNVD	id:	CNNVD-201801-633	date:	2018-01-22T00:00:00
db:	NVD	id:	CVE-2017-12308	date:	2018-01-18T06:29:00.267