CVE-2017-6699

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.3%

top 42.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Evolved Programmable Network Manager Cisco Prime Infrastructure

Timeline

PublishedJul 4

Latest updateMay 14

Description

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. Known Affected Releases: 3.1(1) 2.0(4.0.45B).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5cisco_prime_infrastructure_and_evolved_programmable_network_managerCisco Prime Infrastructure and Evolved Programmable Network Manager

▶NVDcisco/evolved_programmable_network_manager2.0.0, 2.0\(4.0.45b\), 2.0\(4.0.45d\)+2

▶NVDcisco/prime_infrastructure3.1, 3.1.1, 3.1\(0.128\)+2

🔴Vulnerability Details

GHSA

GHSA-896c-9g6j-4fx9: A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow a↗2022-05-14

▶

CVEList

CVE-2017-6699: A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow a↗2017-07-04

▶

📋Vendor Advisories

Cisco

Cisco Prime Infrastructure and Evolved Programmable Network Manager Reflected Cross-Site Scripting Vulnerability↗2017-06-21

▶