CVE-2017-12308

Published: 18/01/2018 Updated: 04/09/2020
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or to access sensitive browser-based information. This vulnerability affects the following Cisco Small Business 300 and 500 Series Managed Switches: Cisco 350 Series Managed Switches, Cisco 350X Series Stackable Managed Switches, Cisco 550X Series Stackable Managed Switches, Cisco ESW2 Series Advanced Switches, Cisco Small Business 300 Series Managed Switches, Cisco Small Business 500 Series Stackable Managed Switches. Cisco Bug IDs: CSCvg29980.

Vulnerable Product

cisco sg350-10_firmware

cisco sg350-10p_firmware

cisco sg350-10mp_firmware

cisco sg355-10p_firmware

cisco sg350-28_firmware

cisco sg350-28p_firmware

cisco sg350-28mp_firmware

cisco sf350-48_firmware

cisco sf350-48p_firmware

cisco sf350-48mp_firmware

cisco sg350xg-2f10_firmware

cisco sg350xg-24f_firmware

cisco sg350xg-24t_firmware

cisco sg350xg-48t_firmware

cisco sg350x-24_firmware

cisco sg350x-24p_firmware

cisco sg350x-24mp_firmware

cisco sg350x-48_firmware

cisco sg350x-48p_firmware

cisco sg350x-48mp_firmware

cisco sx550x-16ft_firmware

cisco sx550x-24ft_firmware

cisco sx550x-12f_firmware

cisco sx550x-24f_firmware

cisco sx550x-24_firmware

cisco sx550x-52_firmware

cisco sg550x-24_firmware

cisco sg550x-24p_firmware

cisco sg550x-24mp_firmware

cisco sg550x-24mpp_firmware

cisco sg550x-48_firmware

cisco sg550x-48p_firmware

cisco sg550x-48mp_firmware

cisco sf550x-24_firmware

cisco sf550x-24p_firmware

cisco sf550x-24mp_firmware

cisco sf550x-48_firmware

cisco sf550x-48p_firmware

cisco sf550x-48mp_firmware

cisco esw2-350g-52_firmware

cisco esw2-350g-52dc_firmware

cisco esw2-550x-48_firmware

cisco esw2-550x-48dc_firmware

cisco sf302-08pp_firmware

cisco sf302-08mpp_firmware

cisco sg300-10pp_firmware

cisco sg300-10mpp_firmware

cisco sf300-24pp_firmware

cisco sf300-48pp_firmware

cisco sg300-28pp_firmware

cisco sf300-08_firmware

cisco sf300-48p_firmware

cisco sg300-10mp_firmware

cisco sg300-10p_firmware

cisco sg300-10_firmware

cisco sg300-28p_firmware

cisco sf300-24p_firmware

cisco sf302-08mp_firmware

cisco sg300-28_firmware

cisco sf300-48_firmware

cisco sg300-20_firmware

cisco sf302-08p_firmware

cisco sg300-52_firmware

cisco sf300-24_firmware

cisco sf302-08_firmware

cisco sf300-24mp_firmware

cisco sg300-10sfp_firmware

cisco sg300-28mp_firmware

cisco sg300-52p_firmware

cisco sg300-52mp_firmware

cisco sg500-28mpp_firmware

cisco sg500-52mp_firmware

cisco sg500xg-8f8t_firmware

cisco sf500-24_firmware

cisco sf500-24p_firmware

cisco sf500-48_firmware

cisco sf500-48p_firmware

cisco sg500-28_firmware

cisco sg500-28p_firmware

cisco sg500-52_firmware

cisco sg500-52p_firmware

cisco sg500x-24_firmware

cisco sg500x-24p_firmware

cisco sg500x-48_firmware

cisco sg500x-48p_firmware

Vendor Advisories

A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server ...