Details of VAR-201712-0186

ID

VAR-201712-0186

CVE

CVE-2017-14386

TITLE

Dell 2335DN and 2355DN Multi-site laser printer firmware cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-011311

DESCRIPTION

The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, are affected by a cross-site scripting vulnerability. Attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website. The Dell2335dn and 2355dn are Dell's versatile laser printers

Trust: 2.25

sources: NVD: CVE-2017-14386 // JVNDB: JVNDB-2017-011311 // CNVD: CNVD-2018-00309 // VULMON: CVE-2017-14386

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-00309

AFFECTED PRODUCTS

vendor:	dell	model:	2335dn	scope:	lt	version:	2.70.06.26_a13	Trust: 1.0
vendor:	dell	model:	2355dn	scope:	lt	version:	2.70.45.34_a10	Trust: 1.0
vendor:	dell	model:	2335dn	scope:	lt	version:	2.70.06.26 a13	Trust: 0.8
vendor:	dell	model:	2355dn	scope:	lt	version:	2.70.45.34 a10	Trust: 0.8
vendor:	dell	model:	2335dn	scope:	-	version:	-	Trust: 0.6
vendor:	dell	model:	2355dn	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-00309 // JVNDB: JVNDB-2017-011311 // NVD: CVE-2017-14386

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-14386
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-14386
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-00309
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201709-446
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2017-14386
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-14386
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2018-00309
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-14386
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-00309 // VULMON: CVE-2017-14386 // JVNDB: JVNDB-2017-011311 // CNNVD: CNNVD-201709-446 // NVD: CVE-2017-14386

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2017-011311 // NVD: CVE-2017-14386

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-446

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201709-446

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011311

PATCH

title:	Dell 2355DN Firmware	url:	http://www.dell.com/support/home/jp/ja/jpbsd1/drivers/driversdetails?driverId=782W3	Trust: 0.8
title:	Dell 2335DN Firmware	url:	http://www.dell.com/support/home/jp/ja/jpbsd1/drivers/driversdetails?driverId=CG55V	Trust: 0.8
title:	Patch for Dell2335dn and 2355dn Cross-Site Scripting Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/112681	Trust: 0.6

sources: CNVD: CNVD-2018-00309 // JVNDB: JVNDB-2017-011311

EXTERNAL IDS

db:	NVD	id:	CVE-2017-14386	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-011311	Trust: 0.8
db:	CNVD	id:	CNVD-2018-00309	Trust: 0.6
db:	CNNVD	id:	CNNVD-201709-446	Trust: 0.6
db:	VULMON	id:	CVE-2017-14386	Trust: 0.1

sources: CNVD: CNVD-2018-00309 // VULMON: CVE-2017-14386 // JVNDB: JVNDB-2017-011311 // CNNVD: CNNVD-201709-446 // NVD: CVE-2017-14386

REFERENCES

url:	http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverid=cg55v	Trust: 1.7
url:	http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverid=782w3	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2017-14386	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14386	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2018-00309 // VULMON: CVE-2017-14386 // JVNDB: JVNDB-2017-011311 // CNNVD: CNNVD-201709-446 // NVD: CVE-2017-14386

SOURCES

db:	CNVD	id:	CNVD-2018-00309
db:	VULMON	id:	CVE-2017-14386
db:	JVNDB	id:	JVNDB-2017-011311
db:	CNNVD	id:	CNNVD-201709-446
db:	NVD	id:	CVE-2017-14386

LAST UPDATE DATE

2025-04-20T23:15:50.172000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-00309	date:	2018-01-05T00:00:00
db:	VULMON	id:	CVE-2017-14386	date:	2017-12-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-011311	date:	2018-01-15T00:00:00
db:	CNNVD	id:	CNNVD-201709-446	date:	2017-12-08T00:00:00
db:	NVD	id:	CVE-2017-14386	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-00309	date:	2018-01-05T00:00:00
db:	VULMON	id:	CVE-2017-14386	date:	2017-12-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-011311	date:	2018-01-15T00:00:00
db:	CNNVD	id:	CNNVD-201709-446	date:	2017-09-13T00:00:00
db:	NVD	id:	CVE-2017-14386	date:	2017-12-07T19:29:00.257