Lucene search

[email protected]CVE-2017-6661

HistoryJun 13, 2017 - 6:29 a.m.

CVE-2017-6661

2017-06-1306:29:00

CWE-79

[email protected]

web.nvd.nist.gov

cscvd30805

cscvd34861

xss

cve-2017-6661

cisco

email security

content security management

remote attack

web interface

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

57.4%

JSON

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049.

Affected configurations

NVD

Node

ciscocontent_security_management_applianceMatch10.0.0-203

ciscocontent_security_management_applianceMatch10.1.0-049

ciscoemail_security_applianceMatch10.0.0-203

ciscoemail_security_applianceMatch10.1.0-049

CPENameOperatorVersion
cisco:content_security_management_appliancecisco content security management applianceeq10.0.0-203
cisco:content_security_management_appliancecisco content security management applianceeq10.1.0-049
cisco:email_security_appliancecisco email security applianceeq10.0.0-203
cisco:email_security_appliancecisco email security applianceeq10.1.0-049

CPE	Name	Operator	Version
cisco:content_security_management_appliance	cisco content security management appliance	eq	10.0.0-203
cisco:content_security_management_appliance	cisco content security management appliance	eq	10.1.0-049
cisco:email_security_appliance	cisco email security appliance	eq	10.0.0-203
cisco:email_security_appliance	cisco email security appliance	eq	10.1.0-049

CNA Affected

[
  {
    "product": "Cisco Email Security and Content Security Management Appliance",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Email Security and Content Security Management Appliance"
      }
    ]
  }
]

References

www.securityfocus.com/bid/98950

www.securitytracker.com/id/1038637

www.securitytracker.com/id/1038638

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

57.4%

JSON

Related for CVE-2017-6661

nvd1 openvas2 prion1 cvelist1 cisco1