Remote Code Execution Vulnerability in Cisco Small Business Managed Switches
CVE-2017-12308

6.1 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 18 January 2018

Summary

A vulnerability in the web framework of Cisco Small Business Managed Switches software allows unauthenticated remote attackers to perform an HTTP response splitting attack. Due to inadequate input validation of certain parameters to the web server, attackers can exploit this issue by luring users to click on malicious links or by intercepting user requests to inject harmful code. A successful attack could grant the attacker the ability to execute arbitrary scripts within the affected web interface, potentially exposing sensitive browser-based information.

Affected Version(s)

Cisco Small Business 300 and 500 Series Managed Switches

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
