ID

VAR-201702-0812


CVE

CVE-2017-3845


TITLE

Cross-site scripting vulnerability in the web-based scripting interface of Cisco Prime Collaboration Assurance

Trust: 0.8

sources: JVNDB: JVNDB-2017-001640

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected Products: Cisco Prime Collaboration Assurance software versions 11.0, 11.1, and 11.5 are vulnerable. Cisco Prime Collaboration Assurance software versions prior to 11.0 are not vulnerable. More Information: CSCvc77783. Known Affected Releases: 11.5(0). An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvc77783. Cisco Prime Collaboration Assurance is a solution that supports simplified unified communication and video collaboration network management through a unified management console, and rapid deployment of communication sites.

Trust: 2.07

sources: NVD: CVE-2017-3845 // JVNDB: JVNDB-2017-001640 // BID: 96245 // VULHUB: VHN-112048 // VULMON: CVE-2017-3845

AFFECTED PRODUCTS

vendor: cisco // model: prime collaboration assurance // scope: eq // version: 11.5.0

Trust: 1.6

vendor: cisco // model: prime collaboration assurance // scope: eq // version: 11.0.0

Trust: 1.6

vendor: cisco // model: prime collaboration assurance // scope: eq // version: 11.1.0

Trust: 1.6

vendor: cisco // model: prime collaboration assurance // scope: eq // version: 11.5

Trust: 1.1

vendor: cisco // model: prime collaboration assurance // scope: eq // version: 11.1

Trust: 1.1

vendor: cisco // model: prime collaboration assurance // scope: eq // version: 11.0

Trust: 1.1

vendor: cisco // model: prime collaboration assurance // scope: ne // version: 11.6

Trust: 0.3

sources: BID: 96245 // JVNDB: JVNDB-2017-001640 // NVD: CVE-2017-3845 // CNNVD: CNNVD-201702-665

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2017-3845
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-201702-665
value: MEDIUM

Trust: 0.6

VULHUB: VHN-112048
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-3845
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2017-3845
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

VULHUB: VHN-112048
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

NVD: CVE-2017-3845
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-112048 // VULMON: CVE-2017-3845 // JVNDB: JVNDB-2017-001640 // NVD: CVE-2017-3845 // CNNVD: CNNVD-201702-665

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-112048 // JVNDB: JVNDB-2017-001640 // NVD: CVE-2017-3845

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-665

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201702-665

CONFIGURATIONS

sources: NVD: CVE-2017-3845

PATCH

title: cisco-sa-20170215-pcp3 // url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-pcp3

Trust: 0.8

title: Cisco Prime Collaboration Assurance Fixes for cross-site scripting vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68166

Trust: 0.6

sources: JVNDB: JVNDB-2017-001640 // CNNVD: CNNVD-201702-665

EXTERNAL IDS

db: NVD // id: CVE-2017-3845

Trust: 2.9

db: BID // id: 96245

Trust: 2.1

db: SECTRACK // id: 1037844

Trust: 1.2

db: JVNDB // id: JVNDB-2017-001640

Trust: 0.8

db: CNNVD // id: CNNVD-201702-665

Trust: 0.7

db: VULHUB // id: VHN-112048

Trust: 0.1

db: VULMON // id: CVE-2017-3845

Trust: 0.1

sources: VULHUB: VHN-112048 // VULMON: CVE-2017-3845 // BID: 96245 // JVNDB: JVNDB-2017-001640 // NVD: CVE-2017-3845 // CNNVD: CNNVD-201702-665

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-pcp3

Trust: 2.1

url:http://www.securityfocus.com/bid/96245

Trust: 1.9

url:http://www.securitytracker.com/id/1037844

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3845

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3845

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-112048 // VULMON: CVE-2017-3845 // BID: 96245 // JVNDB: JVNDB-2017-001640 // NVD: CVE-2017-3845 // CNNVD: CNNVD-201702-665

CREDITS

Cisco

Trust: 0.9

sources: BID: 96245 // CNNVD: CNNVD-201702-665

SOURCES

db: VULHUB // id: VHN-112048
db: VULMON // id: CVE-2017-3845
db: BID // id: 96245
db: JVNDB // id: JVNDB-2017-001640
db: NVD // id: CVE-2017-3845
db: CNNVD // id: CNNVD-201702-665

LAST UPDATE DATE

2023-12-18T14:01:41.011000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-112048 // date: 2017-07-25T00:00:00
db: VULMON // id: CVE-2017-3845 // date: 2017-07-25T00:00:00
db: BID // id: 96245 // date: 2017-03-07T03:03:00
db: JVNDB // id: JVNDB-2017-001640 // date: 2017-03-10T00:00:00
db: NVD // id: CVE-2017-3845 // date: 2017-07-25T01:29:09.560
db: CNNVD // id: CNNVD-201702-665 // date: 2017-02-21T00:00:00

SOURCES RELEASE DATE

db: VULHUB // id: VHN-112048 // date: 2017-02-22T00:00:00
db: VULMON // id: CVE-2017-3845 // date: 2017-02-22T00:00:00
db: BID // id: 96245 // date: 2017-02-15T00:00:00
db: JVNDB // id: JVNDB-2017-001640 // date: 2017-03-10T00:00:00
db: NVD // id: CVE-2017-3845 // date: 2017-02-22T02:59:00.700
db: CNNVD // id: CNNVD-201702-665 // date: 2017-02-21T00:00:00