ID

VAR-201702-0788


CVE

CVE-2017-3821


TITLE

Reflected cross-site scripting vulnerability in the serviceability page of Cisco Unified Communications Manager

Trust: 0.8

sources: JVNDB: JVNDB-2017-001631

DESCRIPTION

A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvc49348. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.209) 12.0(0.98000.478) 12.0(0.98000.609). An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvc49348. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. The vulnerability is caused by the program not correctly filtering or encoding the data submitted by the user. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by enticing users to open malicious links.

Trust: 2.07

sources: NVD: CVE-2017-3821 // JVNDB: JVNDB-2017-001631 // BID: 96241 // VULHUB: VHN-112024 // VULMON: CVE-2017-3821

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5\(2.14076.1\)

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2.14076.1)

Trust: 1.1

vendor: cisco, model: unified communications manager, scope: ne, version: 12.0(0.98000.609)

Trust: 0.3

vendor: cisco, model: unified communications manager, scope: ne, version: 12.0(0.98000.478)

Trust: 0.3

vendor: cisco, model: unified communications manager, scope: ne, version: 12.0(0.98000.209)

Trust: 0.3

sources: BID: 96241 // JVNDB: JVNDB-2017-001631 // NVD: CVE-2017-3821 // CNNVD: CNNVD-201702-662

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2017-3821
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-201702-662
value: MEDIUM

Trust: 0.6

VULHUB: VHN-112024
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-3821
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2017-3821
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

VULHUB: VHN-112024
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

NVD: CVE-2017-3821
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-112024 // VULMON: CVE-2017-3821 // JVNDB: JVNDB-2017-001631 // NVD: CVE-2017-3821 // CNNVD: CNNVD-201702-662

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-112024 // JVNDB: JVNDB-2017-001631 // NVD: CVE-2017-3821

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-662

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201702-662

CONFIGURATIONS

sources: NVD: CVE-2017-3821

PATCH

title: cisco-sa-20170215-cucm, url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-cucm

Trust: 0.8

title: Cisco Unified Communications Manager Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68169

Trust: 0.6

sources: JVNDB: JVNDB-2017-001631 // CNNVD: CNNVD-201702-662

EXTERNAL IDS

db: NVD, id: CVE-2017-3821

Trust: 2.9

db: BID, id: 96241

Trust: 2.1

db: SECTRACK, id: 1037839

Trust: 1.2

db: JVNDB, id: JVNDB-2017-001631

Trust: 0.8

db: CNNVD, id: CNNVD-201702-662

Trust: 0.7

db: VULHUB, id: VHN-112024

Trust: 0.1

db: VULMON, id: CVE-2017-3821

Trust: 0.1

sources: VULHUB: VHN-112024 // VULMON: CVE-2017-3821 // BID: 96241 // JVNDB: JVNDB-2017-001631 // NVD: CVE-2017-3821 // CNNVD: CNNVD-201702-662

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-cucm

Trust: 2.1

url:http://www.securityfocus.com/bid/96241

Trust: 1.9

url:http://www.securitytracker.com/id/1037839

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3821

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3821

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-112024 // VULMON: CVE-2017-3821 // BID: 96241 // JVNDB: JVNDB-2017-001631 // NVD: CVE-2017-3821 // CNNVD: CNNVD-201702-662

CREDITS

Cisco

Trust: 0.9

sources: BID: 96241 // CNNVD: CNNVD-201702-662

SOURCES

db: VULHUB, id: VHN-112024
db: VULMON, id: CVE-2017-3821
db: BID, id: 96241
db: JVNDB, id: JVNDB-2017-001631
db: NVD, id: CVE-2017-3821
db: CNNVD, id: CNNVD-201702-662

LAST UPDATE DATE

2023-12-18T12:37:36.398000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-112024, date: 2017-07-25T00:00:00
db: VULMON, id: CVE-2017-3821, date: 2017-07-25T00:00:00
db: BID, id: 96241, date: 2017-03-07T04:02:00
db: JVNDB, id: JVNDB-2017-001631, date: 2017-03-10T00:00:00
db: NVD, id: CVE-2017-3821, date: 2017-07-25T01:29:08.780
db: CNNVD, id: CNNVD-201702-662, date: 2017-02-21T00:00:00

SOURCES RELEASE DATE

db: VULHUB, id: VHN-112024, date: 2017-02-22T00:00:00
db: VULMON, id: CVE-2017-3821, date: 2017-02-22T00:00:00
db: BID, id: 96241, date: 2017-02-15T00:00:00
db: JVNDB, id: JVNDB-2017-001631, date: 2017-03-10T00:00:00
db: NVD, id: CVE-2017-3821, date: 2017-02-22T02:59:00.200
db: CNNVD, id: CNNVD-201702-662, date: 2017-02-21T00:00:00