ID
VAR-201702-0796
CVE
CVE-2017-3833
TITLE
Cisco Unified Communications Manager of Web Cross-site scripting vulnerability in the framework
Trust: 0.8
DESCRIPTION
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. More Information: CSCvb95951. Known Affected Releases: 12.0(0.99999.2). Known Fixed Releases: 11.0(1.23064.1) 11.5(1.12031.1) 11.5(1.12900.21) 11.5(1.12900.7) 11.5(1.12900.8) 11.6(1.10000.4) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.367) 12.0(0.98000.468) 12.0(0.98000.469) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6). An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvb95951. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution
Trust: 1.98
AFFECTED PRODUCTS
| vendor: | cisco | model: | unified communications manager | scope: | eq | version: | 12.0\(0.99999.2\) | Trust: 1.6 |
| vendor: | cisco | model: | unified communications manager | scope: | eq | version: | 12.0(0.99999.2) | Trust: 1.1 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
XSS
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20170215-ucm | url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-ucm | Trust: 0.8 |
| title: | Cisco Unified Communications Manager Fixes for cross-site scripting vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68165 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-3833 | Trust: 2.8 |
| db: | BID | id: | 96246 | Trust: 2.0 |
| db: | JVNDB | id: | JVNDB-2017-001684 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201702-666 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-112036 | Trust: 0.1 |
REFERENCES
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-ucm | Trust: 2.0 |
| url: | http://www.securityfocus.com/bid/96246 | Trust: 1.7 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3833 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3833 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
CREDITS
Cisco
Trust: 0.9
SOURCES
| db: | VULHUB | id: | VHN-112036 |
| db: | BID | id: | 96246 |
| db: | JVNDB | id: | JVNDB-2017-001684 |
| db: | NVD | id: | CVE-2017-3833 |
| db: | CNNVD | id: | CNNVD-201702-666 |
LAST UPDATE DATE
2023-12-18T13:03:10.572000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-112036 | date: | 2017-03-01T00:00:00 |
| db: | BID | id: | 96246 | date: | 2017-03-07T04:02:00 |
| db: | JVNDB | id: | JVNDB-2017-001684 | date: | 2017-03-13T00:00:00 |
| db: | NVD | id: | CVE-2017-3833 | date: | 2017-03-01T02:59:04.840 |
| db: | CNNVD | id: | CNNVD-201702-666 | date: | 2017-02-21T00:00:00 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-112036 | date: | 2017-02-22T00:00:00 |
| db: | BID | id: | 96246 | date: | 2017-02-15T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-001684 | date: | 2017-03-13T00:00:00 |
| db: | NVD | id: | CVE-2017-3833 | date: | 2017-02-22T02:59:00.357 |
| db: | CNNVD | id: | CNNVD-201702-666 | date: | 2017-02-21T00:00:00 |