ID

VAR-201710-1304


CVE

CVE-2017-8017


TITLE

EMC Network Configuration Manager Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2017-32993 // CNNVD: CNNVD-201710-273

DESCRIPTION

EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. NCM enables model-based automated network compliance, change, and configuration management to quickly perform network change and configuration management tasks. A cross-site scripting vulnerability exists in EMC NCM. This vulnerability could be exploited by a remote attacker to control the affected system. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Link to remedies: https://support.emc.com/products/31946_Service-Assurance-Suite

Credit: EMC would like to thank Lukasz Plonka for reporting this issue.

Trust: 2.61

sources: NVD: CVE-2017-8017 // JVNDB: JVNDB-2017-009392 // CNVD: CNVD-2017-32993 // BID: 101194 // VULMON: CVE-2017-8017 // PACKETSTORM: 144524

IOT TAXONOMY

category: ['Network device'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-32993

AFFECTED PRODUCTS

vendor: emc // model: smarts network configuration manager // scope: eq // version: 9.4

Trust: 1.9

vendor: emc // model: smarts network configuration manager // scope: eq // version: 9.3

Trust: 1.9

vendor: emc // model: smarts network configuration manager // scope: eq // version: 9.4.2

Trust: 1.6

vendor: emc // model: smarts network configuration manager // scope: eq // version: 9.4.1

Trust: 1.6

vendor: dell emc old emc // model: smarts network configuration manager // scope: eq // version: 9.3.x

Trust: 0.8

vendor: dell emc old emc // model: smarts network configuration manager // scope: eq // version: 9.4.0.x

Trust: 0.8

vendor: dell emc old emc // model: smarts network configuration manager // scope: eq // version: 9.4.1.x

Trust: 0.8

vendor: dell emc old emc // model: smarts network configuration manager // scope: eq // version: 9.4.2.x

Trust: 0.8

vendor: emc // model: network configuration manager // scope: eq // version: 9.3.*

Trust: 0.6

vendor: emc // model: network configuration manager // scope: eq // version: 9.4.0.*

Trust: 0.6

vendor: emc // model: network configuration manager // scope: eq // version: 9.4.1.*

Trust: 0.6

vendor: emc // model: network configuration manager // scope: eq // version: 9.4.2.*

Trust: 0.6

vendor: emc // model: smarts network configuration manager // scope: eq // version: 9.4.2.0

Trust: 0.3

vendor: emc // model: smarts network configuration manager // scope: eq // version: 9.4.1.0

Trust: 0.3

vendor: emc // model: smarts network configuration manager // scope: ne // version: 9.5

Trust: 0.3

sources: CNVD: CNVD-2017-32993 // BID: 101194 // JVNDB: JVNDB-2017-009392 // CNNVD: CNNVD-201710-273 // NVD: CVE-2017-8017

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8017
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-8017
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-32993
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201710-273
value: MEDIUM

Trust: 0.6

VULMON: CVE-2017-8017
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-8017
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-32993
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-8017
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-32993 // VULMON: CVE-2017-8017 // JVNDB: JVNDB-2017-009392 // CNNVD: CNNVD-201710-273 // NVD: CVE-2017-8017

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2017-009392 // NVD: CVE-2017-8017

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-273

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 144524 // CNNVD: CNNVD-201710-273

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009392

PATCH

title: Smarts Network Configuration Manager // url: https://www.emc.com/it-management/smarts/network-configuration-manager.htm

Trust: 0.8

title: Patch for EMC Network Configuration Manager Cross-Site Scripting Vulnerability // url: https://www.cnvd.org.cn/patchInfo/show/105545

Trust: 0.6

title: EMC Network Configuration Manager Fixes for cross-site scripting vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75421

Trust: 0.6

sources: CNVD: CNVD-2017-32993 // JVNDB: JVNDB-2017-009392 // CNNVD: CNNVD-201710-273

EXTERNAL IDS

db: NVD // id: CVE-2017-8017

Trust: 3.5

db: BID // id: 101194

Trust: 1.4

db: SECTRACK // id: 1039517

Trust: 1.1

db: JVNDB // id: JVNDB-2017-009392

Trust: 0.8

db: CNVD // id: CNVD-2017-32993

Trust: 0.6

db: CNNVD // id: CNNVD-201710-273

Trust: 0.6

db: VULMON // id: CVE-2017-8017

Trust: 0.1

db: PACKETSTORM // id: 144524

Trust: 0.1

sources: CNVD: CNVD-2017-32993 // VULMON: CVE-2017-8017 // BID: 101194 // JVNDB: JVNDB-2017-009392 // PACKETSTORM: 144524 // CNNVD: CNNVD-201710-273 // NVD: CVE-2017-8017

REFERENCES

url:http://seclists.org/fulldisclosure/2017/oct/11

Trust: 3.4

url:http://www.securityfocus.com/bid/101194

Trust: 1.2

url:http://www.securitytracker.com/id/1039517

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8017

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8017

Trust: 0.8

url:http://www.emc.com/

Trust: 0.3

url:https://www.emc.com/it-management/smarts/network-configuration-manager.htm

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=55549

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://support.emc.com/products/31946_service-assurance-suite

Trust: 0.1

sources: CNVD: CNVD-2017-32993 // VULMON: CVE-2017-8017 // BID: 101194 // JVNDB: JVNDB-2017-009392 // PACKETSTORM: 144524 // CNNVD: CNNVD-201710-273 // NVD: CVE-2017-8017

CREDITS

Lukasz Plonka

Trust: 0.4

sources: BID: 101194 // PACKETSTORM: 144524

SOURCES

db: CNVD // id: CNVD-2017-32993
db: VULMON // id: CVE-2017-8017
db: BID // id: 101194
db: JVNDB // id: JVNDB-2017-009392
db: PACKETSTORM // id: 144524
db: CNNVD // id: CNNVD-201710-273
db: NVD // id: CVE-2017-8017

LAST UPDATE DATE

2025-04-20T23:32:48.549000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2017-32993 // date: 2017-11-07T00:00:00
db: VULMON // id: CVE-2017-8017 // date: 2017-11-03T00:00:00
db: BID // id: 101194 // date: 2017-10-06T00:00:00
db: JVNDB // id: JVNDB-2017-009392 // date: 2017-11-10T00:00:00
db: CNNVD // id: CNNVD-201710-273 // date: 2017-10-13T00:00:00
db: NVD // id: CVE-2017-8017 // date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2017-32993 // date: 2017-11-07T00:00:00
db: VULMON // id: CVE-2017-8017 // date: 2017-10-11T00:00:00
db: BID // id: 101194 // date: 2017-10-06T00:00:00
db: JVNDB // id: JVNDB-2017-009392 // date: 2017-11-10T00:00:00
db: PACKETSTORM // id: 144524 // date: 2017-10-06T20:02:22
db: CNNVD // id: CNNVD-201710-273 // date: 2017-10-13T00:00:00
db: NVD // id: CVE-2017-8017 // date: 2017-10-11T19:29:00.393