Lucene search

CiscoCVE-2017-6699

HistoryJul 04, 2017 - 12:29 a.m.

CVE-2017-6699

2017-07-0400:29:00

CWE-79

cisco

web.nvd.nist.gov

cve-2017-6699

cisco

prime infrastructure

epnm

vulnerability

xss

web interface

remote attacker

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

43.6%

JSON

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. Known Affected Releases: 3.1(1) 2.0(4.0.45B).

Affected configurations

Nvd

Node

ciscoevolved_programmable_network_managerMatch2.0\(4.0.45b\)

ciscoevolved_programmable_network_managerMatch2.0\(4.0.45d\)

ciscoevolved_programmable_network_managerMatch2.0.0

ciscoprime_infrastructureMatch3.1

ciscoprime_infrastructureMatch3.1\(0.128\)

ciscoprime_infrastructureMatch3.1.1

VendorProductVersionCPE
ciscoevolved_programmable_network_manager2.0(4.0.45b)cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0\(4.0.45b\):*:*:*:*:*:*:*
ciscoevolved_programmable_network_manager2.0(4.0.45d)cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0\(4.0.45d\):*:*:*:*:*:*:*
ciscoevolved_programmable_network_manager2.0.0cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0.0:*:*:*:*:*:*:*
ciscoprime_infrastructure3.1cpe:2.3:a:cisco:prime_infrastructure:3.1:*:*:*:*:*:*:*
ciscoprime_infrastructure3.1(0.128)cpe:2.3:a:cisco:prime_infrastructure:3.1\(0.128\):*:*:*:*:*:*:*
ciscoprime_infrastructure3.1.1cpe:2.3:a:cisco:prime_infrastructure:3.1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	evolved_programmable_network_manager	2.0(4.0.45b)	cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0\(4.0.45b\):::::::*
cisco	evolved_programmable_network_manager	2.0(4.0.45d)	cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0\(4.0.45d\):::::::*
cisco	evolved_programmable_network_manager	2.0.0	cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0.0:::::::*
cisco	prime_infrastructure	3.1	cpe:2.3:a:cisco:prime_infrastructure:3.1:::::::*
cisco	prime_infrastructure	3.1(0.128)	cpe:2.3:a:cisco:prime_infrastructure:3.1\(0.128\):::::::*
cisco	prime_infrastructure	3.1.1	cpe:2.3:a:cisco:prime_infrastructure:3.1.1:::::::*

CNA Affected

[
  {
    "product": "Cisco Prime Infrastructure and Evolved Programmable Network Manager",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Prime Infrastructure and Evolved Programmable Network Manager"
      }
    ]
  }
]

References

www.securityfocus.com/bid/99221

www.securitytracker.com/id/1038751

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm3

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

43.6%

JSON

Related for CVE-2017-6699