Lucene search

[email protected]CVE-2017-12308

HistoryJan 18, 2018 - 6:29 a.m.

CVE-2017-12308

2018-01-1806:29:00

CWE-113

[email protected]

web.nvd.nist.gov

cisco

small business

managed switches

vulnerability

http

response splitting

attack

remote

unauthenticated

cve-2017-12308

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.4%

JSON

A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco Small Business 300 and 500 Series Managed Switches: Cisco 350 Series Managed Switches, Cisco 350X Series Stackable Managed Switches, Cisco 550X Series Stackable Managed Switches, Cisco ESW2 Series Advanced Switches, Cisco Small Business 300 Series Managed Switches, Cisco Small Business 500 Series Stackable Managed Switches. Cisco Bug IDs: CSCvg29980.

Affected configurations

NVD

Node

ciscosg350-10_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg350-10Match-

Node

ciscosg350-10p_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg350-10pMatch-

Node

ciscosg350-10mp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg350-10mpMatch-

Node

ciscosg355-10p_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg355-10pMatch-

Node

ciscosg350-28_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg350-28Match-

Node

ciscosg350-28p_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg350-28pMatch-

Node

ciscosg350-28mp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg350-28mpMatch-

Node

ciscosf350-48_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf350-48Match-

Node

ciscosf350-48p_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf350-48pMatch-

Node

ciscosf350-48mp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf350-48mpMatch-

Node

ciscosg350xg-2f10_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg350xg-2f10Match-

Node

ciscosg350xg-24f_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg350xg-24fMatch-

Node

ciscosg350xg-24t_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg350xg-24tMatch-

Node

ciscosg350xg-48t_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg350xg-48tMatch-

Node

ciscosg350x-24_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg350x-24Match-

Node

ciscosg350x-24p_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg350x-24pMatch-

Node

ciscosg350x-24mp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg350x-24mpMatch-

Node

ciscosg350x-48_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg350x-48Match-

Node

ciscosg350x-48p_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg350x-48pMatch-

Node

ciscosg350x-48mp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg350x-48mpMatch-

Node

ciscosx550x-16ft_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosx550x-16ftMatch-

Node

ciscosx550x-24ft_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosx550x-24ftMatch-

Node

ciscosx550x-12f_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosx550x-12fMatch-

Node

ciscosx550x-24f_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosx550x-24fMatch-

Node

ciscosx550x-24_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosx550x-24Match-

Node

ciscosx550x-52_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosx550x-52Match-

Node

ciscosg550x-24_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg550x-24Match-

Node

ciscosg550x-24p_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg550x-24pMatch-

Node

ciscosg550x-24mp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg550x-24mpMatch-

Node

ciscosg550x-24mpp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg550x-24mppMatch-

Node

ciscosg550x-48_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg550x-48Match-

Node

ciscosg550x-48p_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg550x-48pMatch-

Node

ciscosg550x-48mp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg550x-48mpMatch-

Node

ciscosf550x-24_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf550x-24Match-

Node

ciscosf550x-24p_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf550x-24pMatch-

Node

ciscosf550x-24mp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf550x-24mpMatch-

Node

ciscosf550x-48_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf550x-48Match-

Node

ciscosf550x-48p_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf550x-48pMatch-

Node

ciscosf550x-48mp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf550x-48mpMatch-

Node

ciscoesw2-350g-52_firmwareRange1.4.7.0–1.4.9.4

AND

ciscoesw2-350g-52Match-

Node

ciscoesw2-350g-52dc_firmwareRange1.4.7.0–1.4.9.4

AND

ciscoesw2-350g-52dcMatch-

Node

ciscoesw2-550x-48_firmwareRange1.4.7.0–1.4.9.4

AND

ciscoesw2-550x-48Match-

Node

ciscoesw2-550x-48dc_firmwareRange1.4.7.0–1.4.9.4

AND

ciscoesw2-550x-48dcMatch-

Node

ciscosf302-08pp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf302-08ppMatch-

Node

ciscosf302-08mpp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf302-08mppMatch-

Node

ciscosg300-10pp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg300-10ppMatch-

Node

ciscosg300-10mpp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg300-10mppMatch-

Node

ciscosf300-24pp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf300-24ppMatch-

Node

ciscosf300-48pp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf300-48ppMatch-

Node

ciscosg300-28pp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg300-28ppMatch-

Node

ciscosf300-08_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf300-08Match-

Node

ciscosf300-48p_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf300-48pMatch-

Node

ciscosg300-10mp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg300-10mpMatch-

Node

ciscosg300-10p_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg300-10pMatch-

Node

ciscosg300-10_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg300-10Match-

Node

ciscosg300-28p_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg300-28pMatch-

Node

ciscosf300-24p_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf300-24pMatch-

Node

ciscosf302-08mp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf302-08mpMatch-

Node

ciscosg300-28_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg300-28Match-

Node

ciscosf300-48_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf300-48Match-

Node

ciscosg300-20_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg300-20Match-

Node

ciscosf302-08p_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf302-08pMatch-

Node

ciscosg300-52_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg300-52Match-

Node

ciscosf300-24_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf300-24Match-

Node

ciscosf302-08_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf302-08Match-

Node

ciscosf300-24mp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf300-24mpMatch-

Node

ciscosg300-10sfp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg300-10sfpMatch-

Node

ciscosg300-28mp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg300-28mpMatch-

Node

ciscosg300-52p_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg300-52pMatch-

Node

ciscosg300-52mp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg300-52mpMatch-

Node

ciscosg500-28mpp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg500-28mppMatch-

Node

ciscosg500-52mp_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg500-52mpMatch-

Node

ciscosg500xg-8f8t_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg500xg-8f8tMatch-

Node

ciscosf500-24_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf500-24Match-

Node

ciscosf500-24p_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf500-24pMatch-

Node

ciscosf500-48_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf500-48Match-

Node

ciscosf500-48p_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosf500-48pMatch-

Node

ciscosg500-28_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg500-28Match-

Node

ciscosg500-28p_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg500-28pMatch-

Node

ciscosg500-52_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg500-52Match-

Node

ciscosg500-52p_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg500-52pMatch-

Node

ciscosg500x-24_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg500x-24Match-

Node

ciscosg500x-24p_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg500x-24pMatch-

Node

ciscosg500x-48_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg500x-48Match-

Node

ciscosg500x-48p_firmwareRange1.4.7.0–1.4.9.4

AND

ciscosg500x-48pMatch-

CPENameOperatorVersion
cisco:sg350-10_firmwarecisco sg350-10 firmwarelt1.4.9.4

CPE	Name	Operator	Version
cisco:sg350-10_firmware	cisco sg350-10 firmware	lt	1.4.9.4

CNA Affected

[
  {
    "product": "Cisco Small Business 300 and 500 Series Managed Switches",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Small Business 300 and 500 Series Managed Switches"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-300-500-smb2

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.4%

JSON

Related for CVE-2017-12308

nvd1 cvelist1 prion1 cisco1