Lucene search

[email protected]CVE-2017-6788

HistoryAug 17, 2017 - 8:29 p.m.

CVE-2017-6788

2017-08-1720:29:00

CWE-79

[email protected]

web.nvd.nist.gov

cisco

anyconnect

xss

vulnerability

security

nvd

cve-2017-6788

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

43.7%

JSON

The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the WebLaunch function of the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. Cisco Bug IDs: CSCvf12055. Known Affected Releases: 98.89(40).

Affected configurations

NVD

Node

ciscoanyconnect_secure_mobility_clientMatch4.4\(4027\)

ciscoanyconnect_secure_mobility_clientMatch4.5\(58\)

CPENameOperatorVersion
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq4.4\(4027\)
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq4.5\(58\)

CPE	Name	Operator	Version
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	4.4\(4027\)
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	4.5\(58\)

CNA Affected

[
  {
    "product": "AnyConnect WebLaunch",
    "vendor": "Cisco Systems, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "98.89(40)"
      }
    ]
  }
]

References

www.securityfocus.com/bid/100364

www.securitytracker.com/id/1039190

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-caw

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

43.7%

JSON

Related for CVE-2017-6788

cvelist1 cisco1 prion1 nvd1