ID

VAR-201706-0586


CVE

CVE-2017-6670


TITLE

Cisco Unified Communications Domain Manager Web-Based GUI Open Redirect Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-004885

DESCRIPTION

A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect issue. More Information: CSCvc54813. Known Affected Releases: 8.1(7)ER1. The vendor has confirmed this vulnerability and released it as Bug ID CSCvc54813. A remote attacker may redirect users to a malicious web page. An attacker can leverage this issue to conduct phishing attacks; other attacks are possible. This issue is being tracked by Cisco Bug ID CSCvc54813. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. The web-based GUI in CUCDM has an open redirect vulnerability, which is caused by the program not correctly validating HTTP request parameters.

Trust: 1.98

sources: NVD: CVE-2017-6670 // JVNDB: JVNDB-2017-004885 // BID: 98946 // VULHUB: VHN-114873

AFFECTED PRODUCTS

vendor: cisco, model: unified communications domain manager, scope: eq, version: 8.1\(7\)er1

Trust: 1.6

vendor: cisco, model: unified communications domain manager, scope: eq, version: 8.1(7)er1

Trust: 0.8

vendor: cisco, model: unified communications domain manager, scope: eq, version: 0

Trust: 0.3

sources: BID: 98946 // JVNDB: JVNDB-2017-004885 // CNNVD: CNNVD-201706-366 // NVD: CVE-2017-6670

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6670
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6670
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201706-366
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114873
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6670
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114873
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6670
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114873 // JVNDB: JVNDB-2017-004885 // CNNVD: CNNVD-201706-366 // NVD: CVE-2017-6670

PROBLEMTYPE DATA

problemtype:CWE-601

Trust: 1.9

sources: VULHUB: VHN-114873 // JVNDB: JVNDB-2017-004885 // NVD: CVE-2017-6670

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-366

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201706-366

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004885

PATCH

title: cisco-sa-20170607-cucm1, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-cucm1

Trust: 0.8

sources: JVNDB: JVNDB-2017-004885

EXTERNAL IDS

db: NVD, id: CVE-2017-6670

Trust: 2.8

db: BID, id: 98946

Trust: 2.0

db: SECTRACK, id: 1038631

Trust: 1.1

db: JVNDB, id: JVNDB-2017-004885

Trust: 0.8

db: CNNVD, id: CNNVD-201706-366

Trust: 0.7

db: VULHUB, id: VHN-114873

Trust: 0.1

sources: VULHUB: VHN-114873 // BID: 98946 // JVNDB: JVNDB-2017-004885 // CNNVD: CNNVD-201706-366 // NVD: CVE-2017-6670

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-cucm1

Trust: 2.0

url:http://www.securityfocus.com/bid/98946

Trust: 1.7

url:http://www.securitytracker.com/id/1038631

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6670

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6670

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114873 // BID: 98946 // JVNDB: JVNDB-2017-004885 // CNNVD: CNNVD-201706-366 // NVD: CVE-2017-6670

CREDITS

Cisco

Trust: 0.9

sources: BID: 98946 // CNNVD: CNNVD-201706-366

SOURCES

db: VULHUB, id: VHN-114873
db: BID, id: 98946
db: JVNDB, id: JVNDB-2017-004885
db: CNNVD, id: CNNVD-201706-366
db: NVD, id: CVE-2017-6670

LAST UPDATE DATE

2025-04-20T23:30:59.829000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114873, date: 2017-07-08T00:00:00
db: BID, id: 98946, date: 2017-06-07T00:00:00
db: JVNDB, id: JVNDB-2017-004885, date: 2017-07-10T00:00:00
db: CNNVD, id: CNNVD-201706-366, date: 2017-07-14T00:00:00
db: NVD, id: CVE-2017-6670, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114873, date: 2017-06-13T00:00:00
db: BID, id: 98946, date: 2017-06-07T00:00:00
db: JVNDB, id: JVNDB-2017-004885, date: 2017-07-10T00:00:00
db: CNNVD, id: CNNVD-201706-366, date: 2017-06-07T00:00:00
db: NVD, id: CVE-2017-6670, date: 2017-06-13T06:29:01.067