Details of VAR-201702-0813

ID

VAR-201702-0813

CVE

CVE-2017-3847

TITLE

Cisco Firepower Management Center of Web Cross-site scripting vulnerability in the framework

Trust: 0.8

sources: JVNDB: JVNDB-2017-001641

DESCRIPTION

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc72741. Known Affected Releases: 6.2.1. Vendors have confirmed this vulnerability Bug ID CSCvc72741 It is released as.Of the affected system by a remote attacker. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. This issue is being tracked by Cisco Bug ID CSCvc72741

Trust: 1.98

sources: NVD: CVE-2017-3847 // JVNDB: JVNDB-2017-001641 // BID: 96253 // VULHUB: VHN-112050

AFFECTED PRODUCTS

vendor:

cisco

model:

firepower management center

scope:

version:

6.2.1

Trust: 2.7

sources: BID: 96253 // JVNDB: JVNDB-2017-001641 // NVD: CVE-2017-3847 // CNNVD: CNNVD-201702-676

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2017-3847
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-201702-676
value:	LOW
Trust: 0.6
VULHUB:	VHN-112050
value:	LOW
Trust: 0.1

NVD:
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	TRUE
version:	2.0
Trust: 1.0
NVD:	CVE-2017-3847
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-112050
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.0
Trust: 1.0
NVD:	CVE-2017-3847
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-112050 // JVNDB: JVNDB-2017-001641 // NVD: CVE-2017-3847 // CNNVD: CNNVD-201702-676

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-112050 // JVNDB: JVNDB-2017-001641 // NVD: CVE-2017-3847

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-676

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201702-676

CONFIGURATIONS

sources: NVD: CVE-2017-3847

PATCH

title:	cisco-sa-20170215-fpmc	url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-fpmc	Trust: 0.8
title:	Cisco Firepower Management Center Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68155	Trust: 0.6

sources: JVNDB: JVNDB-2017-001641 // CNNVD: CNNVD-201702-676

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3847	Trust: 2.8
db:	BID	id:	96253	Trust: 2.0
db:	JVNDB	id:	JVNDB-2017-001641	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-676	Trust: 0.7
db:	VULHUB	id:	VHN-112050	Trust: 0.1

sources: VULHUB: VHN-112050 // BID: 96253 // JVNDB: JVNDB-2017-001641 // NVD: CVE-2017-3847 // CNNVD: CNNVD-201702-676

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-fpmc	Trust: 2.0
url:	http://www.securityfocus.com/bid/96253	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3847	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3847	Trust: 0.8
url:	http://www.cisco.com/c/en/us/products/security/firesight-management-center/index.html	Trust: 0.3
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-112050 // BID: 96253 // JVNDB: JVNDB-2017-001641 // NVD: CVE-2017-3847 // CNNVD: CNNVD-201702-676

CREDITS

Cisco

Trust: 0.9

sources: BID: 96253 // CNNVD: CNNVD-201702-676

SOURCES

db:	VULHUB	id:	VHN-112050
db:	BID	id:	96253
db:	JVNDB	id:	JVNDB-2017-001641
db:	NVD	id:	CVE-2017-3847
db:	CNNVD	id:	CNNVD-201702-676

LAST UPDATE DATE

2023-12-18T13:29:25.549000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-112050	date:	2017-03-07T00:00:00
db:	BID	id:	96253	date:	2017-03-07T02:04:00
db:	JVNDB	id:	JVNDB-2017-001641	date:	2017-03-10T00:00:00
db:	NVD	id:	CVE-2017-3847	date:	2017-03-07T02:59:00.987
db:	CNNVD	id:	CNNVD-201702-676	date:	2017-02-21T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-112050	date:	2017-02-22T00:00:00
db:	BID	id:	96253	date:	2017-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-001641	date:	2017-03-10T00:00:00
db:	NVD	id:	CVE-2017-3847	date:	2017-02-22T02:59:00.717
db:	CNNVD	id:	CNNVD-201702-676	date:	2017-02-21T00:00:00