cvelistv5 - cve-2017-6717

cve-2017-6717

Vulnerability from cvelistv5

Published

2017-07-04 00:00

Modified

2024-08-05 15:41

Severity ?

Summary

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/99217	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99217	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc	Vendor Advisory

Impacted products

Vendor

Product

Version

▼

n/a

Cisco Firepower Management Center

Version: Cisco Firepower Management Center

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:16.675Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc"
          },
          {
            "name": "99217",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99217"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Firepower Management Center",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Firepower Management Center"
            }
          ]
        }
      ],
      "datePublic": "2017-07-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-04T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc"
        },
        {
          "name": "99217",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99217"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6717",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Firepower Management Center",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Firepower Management Center"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc"
            },
            {
              "name": "99217",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99217"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6717",
    "datePublished": "2017-07-04T00:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-08-05T15:41:16.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27EA38C1-A34F-430A-92F7-1D299F78B449\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE5CF68A-AAF1-4103-AD83-E2192785B31B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38ACE806-3514-4D95-85DA-BAD7245011A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1898CADB-3B2B-4A3E-86DD-23A9E1A3E40F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D6B5ED0-0E42-45A2-BBBB-148C2BE5DD14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0091657B-E242-4664-8F2F-85B8FCDF3EE8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95D7DA95-E977-4D06-92C8-E4E8B464E1D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15B5C864-D82A-43BB-B193-CB9756A3B8BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA8E3657-BC3D-4A7D-8523-0D64F69CFE8E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3614E72A-667E-47F4-8D42-C1EB210E4DB5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_firewall_management_center:5.4_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B2E1AA9-8A80-489A-8A6F-E9034E7D2A82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_firewall_management_center:6.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"036E4035-E8E2-4964-A6F4-7292E1804E91\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_firewall_management_center:6.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF40DB44-C213-466E-B473-B07B30A42B34\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_firewall_management_center:6.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6FD6283-CC58-4864-AA24-F6C6DDE630FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D1AFAC1-419D-4ADB-868B-1544BED58B7F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D4EB1FD-690B-4F8C-A559-BC76CA5FDEFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D184D6D-D695-48D5-90E6-95185C1D397D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_firewall_management_center:6.0_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"554F229F-A0F5-4CA9-9778-5585E01ADF6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_firewall_management_center:6.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6614ED6C-E77E-4C0D-AA96-0BEE84BE2F94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_firewall_management_center:6.1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"53316FAB-A54F-4AB8-B605-FF042B903BFD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_firewall_management_center:6.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEEB9A40-0062-406D-B56D-3163CBBE08D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_firewall_management_center:6.2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55C748E1-1011-4DA3-B910-C4773DC18D4C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en el framework web de Firepower Management Center de Cisco, podr\\u00eda permitir a un atacante remoto identificado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz web. M\\u00e1s informaci\\u00f3n: CSCvc38801. Versiones Afectadas Conocidas: 6.0.1.3 6.2.1. Versiones Fijas Conocidas: 6.2.1.\"}]",
      "id": "CVE-2017-6717",
      "lastModified": "2024-11-26T16:09:02.407",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-07-04T00:29:00.587",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/99217\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/99217\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-6717\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2017-07-04T00:29:00.587\",\"lastModified\":\"2024-11-26T16:09:02.407\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el framework web de Firepower Management Center de Cisco, podr\u00eda permitir a un atacante remoto identificado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz web. M\u00e1s informaci\u00f3n: CSCvc38801. Versiones Afectadas Conocidas: 6.0.1.3 6.2.1. Versiones Fijas Conocidas: 6.2.1.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27EA38C1-A34F-430A-92F7-1D299F78B449\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE5CF68A-AAF1-4103-AD83-E2192785B31B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38ACE806-3514-4D95-85DA-BAD7245011A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1898CADB-3B2B-4A3E-86DD-23A9E1A3E40F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D6B5ED0-0E42-45A2-BBBB-148C2BE5DD14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0091657B-E242-4664-8F2F-85B8FCDF3EE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95D7DA95-E977-4D06-92C8-E4E8B464E1D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15B5C864-D82A-43BB-B193-CB9756A3B8BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA8E3657-BC3D-4A7D-8523-0D64F69CFE8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3614E72A-667E-47F4-8D42-C1EB210E4DB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:5.4_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B2E1AA9-8A80-489A-8A6F-E9034E7D2A82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"036E4035-E8E2-4964-A6F4-7292E1804E91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:6.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF40DB44-C213-466E-B473-B07B30A42B34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:6.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6FD6283-CC58-4864-AA24-F6C6DDE630FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D1AFAC1-419D-4ADB-868B-1544BED58B7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D4EB1FD-690B-4F8C-A559-BC76CA5FDEFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D184D6D-D695-48D5-90E6-95185C1D397D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:6.0_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"554F229F-A0F5-4CA9-9778-5585E01ADF6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:6.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6614ED6C-E77E-4C0D-AA96-0BEE84BE2F94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:6.1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53316FAB-A54F-4AB8-B605-FF042B903BFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:6.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEEB9A40-0062-406D-B56D-3163CBBE08D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_firewall_management_center:6.2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55C748E1-1011-4DA3-B910-C4773DC18D4C\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/99217\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99217\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. This issue is being tracked by Cisco Bug ID CSCvc38801. The vulnerability stems from the program's insufficient validation and filtering of user-submitted input

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0927",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.2.0.2"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.4.1.3"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.4.0.2"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.0.0.0"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.1.0.2"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.4.1.4"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.4_base"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.4.1.9"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.1.0"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.0.1.1"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "6.0.1.3"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0.1"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0_base"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.1.6"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2.0"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.1.1"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0.0"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0.0.1"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.1"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.0"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.1.5"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.1.2"
      },
      {
        "model": "firepower management center",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "99217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005307"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6717"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1006"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.0.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.0.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.0_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6717"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "99217"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1006"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-6717",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.5,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-6717",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "VHN-114920",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.3,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2017-6717",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6717",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-1006",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114920",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114920"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005307"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6717"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1006"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nThis issue is being tracked by Cisco Bug ID CSCvc38801. The vulnerability stems from the program\u0027s insufficient validation and filtering of user-submitted input",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6717"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005307"
      },
      {
        "db": "BID",
        "id": "99217"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114920"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6717",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "99217",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005307",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1006",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "36948",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-114920",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114920"
      },
      {
        "db": "BID",
        "id": "99217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005307"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6717"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1006"
      }
    ]
  },
  "id": "VAR-201707-0927",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114920"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:24:24.587000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20170621-fpmc",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170621-fpmc"
      },
      {
        "title": "Cisco Firepower Management Center Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71195"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005307"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1006"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114920"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005307"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6717"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170621-fpmc"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/99217"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6717"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6717"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/36948"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114920"
      },
      {
        "db": "BID",
        "id": "99217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005307"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6717"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1006"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-114920"
      },
      {
        "db": "BID",
        "id": "99217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005307"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6717"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1006"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114920"
      },
      {
        "date": "2017-06-21T00:00:00",
        "db": "BID",
        "id": "99217"
      },
      {
        "date": "2017-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005307"
      },
      {
        "date": "2017-07-04T00:29:00.587000",
        "db": "NVD",
        "id": "CVE-2017-6717"
      },
      {
        "date": "2017-06-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1006"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114920"
      },
      {
        "date": "2017-06-21T00:00:00",
        "db": "BID",
        "id": "99217"
      },
      {
        "date": "2017-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005307"
      },
      {
        "date": "2017-07-07T17:38:58.803000",
        "db": "NVD",
        "id": "CVE-2017-6717"
      },
      {
        "date": "2017-07-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1006"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1006"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Firepower Management Center of  Web Cross-site scripting vulnerability in the framework",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005307"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1006"
      }
    ],
    "trust": 0.6
  }
}

gsd-2017-6717

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-6717

Aliases

CVE-2017-6717

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6717",
    "description": "A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1.",
    "id": "GSD-2017-6717"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6717"
      ],
      "details": "A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1.",
      "id": "GSD-2017-6717",
      "modified": "2023-12-13T01:21:09.823846Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2017-6717",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Firepower Management Center",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco Firepower Management Center"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Cross-Site Scripting Vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc"
          },
          {
            "name": "99217",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99217"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.0.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:5.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.0.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:6.0_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6717"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc"
            },
            {
              "name": "99217",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99217"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2017-07-07T17:38Z",
      "publishedDate": "2017-07-04T00:29Z"
    }
  }
}

ghsa-w56g-96qh-3fx9

Vulnerability from github

Published

2022-05-17 02:35

Modified

2022-05-17 02:35

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6717"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-04T00:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1.",
  "id": "GHSA-w56g-96qh-3fx9",
  "modified": "2022-05-17T02:35:45Z",
  "published": "2022-05-17T02:35:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6717"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99217"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2017-6717

Vulnerability from fkie_nvd

Published

2017-07-04 00:29

Modified

2024-11-26 16:09

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/99217	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99217	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	secure_firewall_management_center	5.4.0
cisco	secure_firewall_management_center	5.4.0.2
cisco	secure_firewall_management_center	5.4.1
cisco	secure_firewall_management_center	5.4.1.1
cisco	secure_firewall_management_center	5.4.1.2
cisco	secure_firewall_management_center	5.4.1.3
cisco	secure_firewall_management_center	5.4.1.4
cisco	secure_firewall_management_center	5.4.1.5
cisco	secure_firewall_management_center	5.4.1.6
cisco	secure_firewall_management_center	5.4.1.9
cisco	secure_firewall_management_center	5.4_base
cisco	secure_firewall_management_center	6.0.0
cisco	secure_firewall_management_center	6.0.0.0
cisco	secure_firewall_management_center	6.0.0.1
cisco	secure_firewall_management_center	6.0.1
cisco	secure_firewall_management_center	6.0.1.1
cisco	secure_firewall_management_center	6.0.1.3
cisco	secure_firewall_management_center	6.0_base
cisco	secure_firewall_management_center	6.1.0
cisco	secure_firewall_management_center	6.1.0.2
cisco	secure_firewall_management_center	6.2.0
cisco	secure_firewall_management_center	6.2.0.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27EA38C1-A34F-430A-92F7-1D299F78B449",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE5CF68A-AAF1-4103-AD83-E2192785B31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "38ACE806-3514-4D95-85DA-BAD7245011A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1898CADB-3B2B-4A3E-86DD-23A9E1A3E40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D6B5ED0-0E42-45A2-BBBB-148C2BE5DD14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0091657B-E242-4664-8F2F-85B8FCDF3EE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "95D7DA95-E977-4D06-92C8-E4E8B464E1D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "15B5C864-D82A-43BB-B193-CB9756A3B8BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA8E3657-BC3D-4A7D-8523-0D64F69CFE8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.4.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3614E72A-667E-47F4-8D42-C1EB210E4DB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:5.4_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B2E1AA9-8A80-489A-8A6F-E9034E7D2A82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E4035-E8E2-4964-A6F4-7292E1804E91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF40DB44-C213-466E-B473-B07B30A42B34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6FD6283-CC58-4864-AA24-F6C6DDE630FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D1AFAC1-419D-4ADB-868B-1544BED58B7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D4EB1FD-690B-4F8C-A559-BC76CA5FDEFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D184D6D-D695-48D5-90E6-95185C1D397D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "554F229F-A0F5-4CA9-9778-5585E01ADF6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6614ED6C-E77E-4C0D-AA96-0BEE84BE2F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53316FAB-A54F-4AB8-B605-FF042B903BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEEB9A40-0062-406D-B56D-3163CBBE08D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:6.2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "55C748E1-1011-4DA3-B910-C4773DC18D4C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el framework web de Firepower Management Center de Cisco, podr\u00eda permitir a un atacante remoto identificado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz web. M\u00e1s informaci\u00f3n: CSCvc38801. Versiones Afectadas Conocidas: 6.0.1.3 6.2.1. Versiones Fijas Conocidas: 6.2.1."
    }
  ],
  "id": "CVE-2017-6717",
  "lastModified": "2024-11-26T16:09:02.407",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-04T00:29:00.587",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99217"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99217"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2017-6717

Vulnerability from cvelistv5

var-201707-0927

Vulnerability from variot

gsd-2017-6717

Vulnerability from gsd

ghsa-w56g-96qh-3fx9

Vulnerability from github

cve-2017-6717

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature