CVE-2017-3872
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. More Information: CSCvc21620. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.641) 12.0(0.98000.500) 12.0(0.98000.219).
Una vulnerabilidad de desviación del filtro XSS en la interfaz de administración basada en web de Cisco Unified Communications Manager podría permitir que un atacante remoto no autenticado lleve a cabo ataques XSS contra un usuario de un dispositivo afectado. Más información: CSCvc21620. Lanzamientos afectados conocidos: 10.5 (2.14076.1). Lanzamientos fijos conocidos: 12.0 (0.98.000.641) 12.0 (0.98000.500) 12.0 (0.98000.219).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-21 CVE Reserved
- 2017-03-17 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/96916 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038036 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm | 2019-04-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 10.5\(2.10000.5\) Search vendor "Cisco" for product "Unified Communications Manager" and version "10.5\(2.10000.5\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 10.5\(2.14076.1\) Search vendor "Cisco" for product "Unified Communications Manager" and version "10.5\(2.14076.1\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 11.0\(1.10000.10\) Search vendor "Cisco" for product "Unified Communications Manager" and version "11.0\(1.10000.10\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 11.5\(1.10000.6\) Search vendor "Cisco" for product "Unified Communications Manager" and version "11.5\(1.10000.6\)" | - |
Affected
| ||||||