CVE-2017-6762
Published on: 08/07/2017 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:26:50 PM UTC
Certain versions of Jabber Guest from Cisco contain the following vulnerability:
A vulnerability in the web-based management interface of Cisco Jabber Guest Server 10.6(9), 11.0(0), and 11.0(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve09718.
- CVE-2017-6762 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 6.1 - MEDIUM
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| NETWORK | LOW | NONE | REQUIRED |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| CHANGED | LOW | LOW | NONE |
CVSS2 Score: 4.3 - MEDIUM
| Access Vector ⓘ |
Access Complexity |
Authentication |
|---|---|---|
| NETWORK | MEDIUM | NONE |
| Confidentiality Impact |
Integrity Impact |
Availability Impact |
| NONE | PARTIAL | NONE |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| Cisco Jabber Guest Server CVE-2017-6762 Cross Site Scripting Vulnerability | Third Party Advisory VDB Entry cve.report (archive) text/html |
BID 100108 |
| Cisco Bug: CSCve09718 - Cisco Jabber Guest Server Cross-site Scripting Vulnerability | Vendor Advisory quickview.cloudapps.cisco.com text/html |
CONFIRM quickview.cloudapps.cisco.com/quickview/bug/CSCve09718 |
| Cisco Jabber Guest Server Cross-Site Scripting Vulnerability | Vendor Advisory tools.cisco.com text/html |
CONFIRM tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-cj |
| Cisco Jabber Guest Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks - SecurityTracker | Third Party Advisory VDB Entry www.securitytracker.com text/html |
SECTRACK 1039060 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Jabber Guest | 10.6.10 | All | All | All |
| Application | Cisco | Jabber Guest | 10.6.11 | All | All | All |
| Application | Cisco | Jabber Guest | 10.6.12 | All | All | All |
| Application | Cisco | Jabber Guest | 10.6.9 | All | All | All |
| Application | Cisco | Jabber Guest | 11.0.0 | All | All | All |
| Application | Cisco | Jabber Guest | 10.6.10 | All | All | All |
| Application | Cisco | Jabber Guest | 10.6.11 | All | All | All |
| Application | Cisco | Jabber Guest | 10.6.12 | All | All | All |
| Application | Cisco | Jabber Guest | 10.6.9 | All | All | All |
| Application | Cisco | Jabber Guest | 11.0.0 | All | All | All |
- cpe:2.3:a:cisco:jabber_guest:10.6.10:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:jabber_guest:10.6.11:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:jabber_guest:10.6.12:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:jabber_guest:10.6.9:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:jabber_guest:11.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:jabber_guest:10.6.10:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:jabber_guest:10.6.11:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:jabber_guest:10.6.12:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:jabber_guest:10.6.9:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:jabber_guest:11.0.0:*:*:*:*:*:*:*: