History: Jun 13, 2017 - 6:29 a.m.

CVE-2017-6661

2017-06-13 06:29:00
CWE-79
cisco
web.nvd.nist.gov
Tags: cscvd30805, cscvd34861, xss, cve-2017-6661, cisco, email security, content security management, remote attack, web interface

CVSS2: 4.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3: 6.1
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.002
Percentile: 57.3%

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049.

Affected configurations

Nvd

Node:
cisco content_security_management_appliance, Match 10.0.0-203
OR
cisco content_security_management_appliance, Match 10.1.0-049
OR
cisco email_security_appliance, Match 10.0.0-203
OR
cisco email_security_appliance, Match 10.1.0-049

Vendor  Product                                Version     CPE
cisco   content_security_management_appliance  10.0.0-203  cpe:2.3:a:cisco:content_security_management_appliance:10.0.0-203:*:*:*:*:*:*:*
cisco   content_security_management_appliance  10.1.0-049  cpe:2.3:a:cisco:content_security_management_appliance:10.1.0-049:*:*:*:*:*:*:*
cisco   email_security_appliance               10.0.0-203  cpe:2.3:a:cisco:email_security_appliance:10.0.0-203:*:*:*:*:*:*:*
cisco   email_security_appliance               10.1.0-049  cpe:2.3:a:cisco:email_security_appliance:10.1.0-049:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco Email Security and Content Security Management Appliance",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Email Security and Content Security Management Appliance"
      }
    ]
  }
]
