// For flags

CVE-2017-6661

 

Severity Score

6.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049.

Una vulnerabilidad en la interfaz de administración basada en web de Email Security Appliance (ESA) y Content Security Management Appliance (SMA) de Cisco, podría permitir a un atacante remoto no identificado conducir un ataque de tipo cross-site-scripting (XSS) contra un usuario de la interfaz de administración basada en web de un dispositivo afectado, también se conoce como XSS de Rastreo de Mensajes. Más información: CSCvd30805 CSCvd34861. Versiones Afectadas Conocidas: 10.0.0-203 10.1.0-049.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-03-09 CVE Reserved
  • 2017-06-13 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Content Security Management Appliance
Search vendor "Cisco" for product "Content Security Management Appliance"
10.0.0-203
Search vendor "Cisco" for product "Content Security Management Appliance" and version "10.0.0-203"
-
Affected
Cisco
Search vendor "Cisco"
Content Security Management Appliance
Search vendor "Cisco" for product "Content Security Management Appliance"
10.1.0-049
Search vendor "Cisco" for product "Content Security Management Appliance" and version "10.1.0-049"
-
Affected
Cisco
Search vendor "Cisco"
Email Security Appliance
Search vendor "Cisco" for product "Email Security Appliance"
10.0.0-203
Search vendor "Cisco" for product "Email Security Appliance" and version "10.0.0-203"
-
Affected
Cisco
Search vendor "Cisco"
Email Security Appliance
Search vendor "Cisco" for product "Email Security Appliance"
10.1.0-049
Search vendor "Cisco" for product "Email Security Appliance" and version "10.1.0-049"
-
Affected