Lucene search

[email protected]CVE-2017-3828

HistoryFeb 22, 2017 - 2:59 a.m.

CVE-2017-3828

2017-02-2202:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2017-3828

cisco

unified communications manager

xss

cross-site scripting

vulnerability

web-based interface

remote attacker

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

62.0%

JSON

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb98777. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.0(1.23063.1) 11.5(1.12029.1) 11.5(1.12900.11) 11.5(1.12900.21) 11.6(1.10000.4) 12.0(0.98000.156) 12.0(0.98000.178) 12.0(0.98000.369) 12.0(0.98000.470) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).

Affected configurations

NVD

Node

ciscounified_communications_managerMatch11.0\(1.10000.10\)

ciscounified_communications_managerMatch11.5\(1.10000.6\)

CPENameOperatorVersion
cisco:unified_communications_managercisco unified communications managereq11.0\(1.10000.10\)
cisco:unified_communications_managercisco unified communications managereq11.5\(1.10000.6\)

CPE	Name	Operator	Version
cisco:unified_communications_manager	cisco unified communications manager	eq	11.0\(1.10000.10\)
cisco:unified_communications_manager	cisco unified communications manager	eq	11.5\(1.10000.6\)

CNA Affected

[
  {
    "product": "Cisco Unified Communications Manager",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Unified Communications Manager"
      }
    ]
  }
]

References

www.securityfocus.com/bid/96240

www.securitytracker.com/id/1037839

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm1

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

62.0%

JSON

Related for CVE-2017-3828

cisco1 cvelist1 prion1 openvas1 nvd1