CVE-2017-6699 - OpenCVE

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. Known Affected Releases: 3.1(1) 2.0(4.0.45B).

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Prime Infrastructure Evolved Programmable Network Manager

Configuration 1 [-]

OR	cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0\(4.0.45b\):::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0\(4.0.45d\):::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0.0:::::::*
	cpe:2.3:a:cisco:prime_infrastructure:3.1:::::::*
	cpe:2.3:a:cisco:prime_infrastructure:3.1\(0.128\):::::::*
	cpe:2.3:a:cisco:prime_infrastructure:3.1.1:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/99221	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038751	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm3	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2017-07-04T00:00:00

Updated: 2017-07-06T09:57:01

Reserved: 2017-03-09T00:00:00

Link: CVE-2017-6699

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-07-04T00:29:00.290

Modified: 2019-07-29T17:46:19.010

Link: CVE-2017-6699

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "Cisco Prime Infrastructure and Evolved Programmable Network Manager", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Prime Infrastructure and Evolved Programmable Network Manager"}]}], "datePublic": "2017-07-03T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. Known Affected Releases: 3.1(1) 2.0(4.0.45B)."}], "problemTypes": [{"descriptions": [{"description": "Reflected Cross-Site Scripting Vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-06T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1038751", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038751"}, {"name": "99221", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99221"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm3"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-6699", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Prime Infrastructure and Evolved Programmable Network Manager", "version": {"version_data": [{"version_value": "Cisco Prime Infrastructure and Evolved Programmable Network Manager"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. Known Affected Releases: 3.1(1) 2.0(4.0.45B)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Reflected Cross-Site Scripting Vulnerability"}]}]}, "references": {"reference_data": [{"name": "1038751", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038751"}, {"name": "99221", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99221"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm3", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm3"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-6699", "datePublished": "2017-07-04T00:00:00", "dateReserved": "2017-03-09T00:00:00", "dateUpdated": "2017-07-06T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0\\(4.0.45b\\):*:*:*:*:*:*:*", "matchCriteriaId": "2B1F8D62-E893-4AF6-8195-DFB7810AA6AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0\\(4.0.45d\\):*:*:*:*:*:*:*", "matchCriteriaId": "408D3C56-EB92-4013-860B-C60AF0D03D39", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "76E28AD8-1C7F-4003-B27C-1F87B988FE03", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "27F4F1D6-82DA-4675-B734-D9C5371E6654", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.1\\(0.128\\):*:*:*:*:*:*:*", "matchCriteriaId": "4F9CC0D0-08A5-45A0-BF1C-2D3E32D49B3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "BBD9A93C-FE79-4323-BBF1-F9B2CD559570", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. Known Affected Releases: 3.1(1) 2.0(4.0.45B)."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Prime Infrastructure (PI) y Evolved Programmable Network Manager (EPNM) de Cisco, podr\u00eda permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) reflejado contra un usuario de la interfaz de administraci\u00f3n basada en web en un dispositivo afectado. M\u00e1s informaci\u00f3n: CSCvc24616 CSCvc35363 CSCvc49574. Versiones Afectadas Conocidas: 3.1(1) 2.0(4.0.45B)."}], "id": "CVE-2017-6699", "lastModified": "2019-07-29T17:46:19.010", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-04T00:29:00.290", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99221"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038751"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm3"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}