VAR-201710-1304
Vulnerability from variot - Updated: 2025-04-20 23:32EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system. that enables model-based automated network compliance, change, and configuration management to quickly perform network change and configuration management tasks. A cross-site scripting vulnerability exists in EMCNCM. This vulnerability could be exploited by a remote attacker to control the affected system. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Link to remedies:
https://support.emc.com/products/31946_Service-Assurance-Suite
Credit: EMC would like to thank Lukasz Plonka for reporting this issue.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQEcBAEBCAAGBQJZ1mSSAAoJEHbcu+fsE81Zul4H/0rz/w9V+zWyjUowYuYgKWOd c03fYbO6BEdJ/HZ05eblXDnNtp3HC6B+Z0PH8PlapfIxvGLezRvb2oidyy/BoNdc TMlVsSb9hJWEMykRMWsyT94C/wqzp3Cjm5qi8jFSdzMjfCqbaaAWCpgyg6F1VMCy vc6SAGHL9qfBqzQ1f2WR6sZMsG16qu9VgsmLciYPCGhfmqBMiWgdhcOf3cS+aDOO 6FX2ZrDuumxfFaWoS9+pG5Nz65RHTVljn6t3Xo+NhfQDS/bVbWjv8m/Jd8M0dwuL cAZsM2ukWP8DVDX0xFd0CTioPS9s2DyvThacPF1rCn7Q5qC0OgV6cAqcNgRPfsM= =QUiL -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-1304",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smarts network configuration manager",
"scope": "eq",
"trust": 1.9,
"vendor": "emc",
"version": "9.4"
},
{
"model": "smarts network configuration manager",
"scope": "eq",
"trust": 1.9,
"vendor": "emc",
"version": "9.3"
},
{
"model": "smarts network configuration manager",
"scope": "eq",
"trust": 1.6,
"vendor": "emc",
"version": "9.4.2"
},
{
"model": "smarts network configuration manager",
"scope": "eq",
"trust": 1.6,
"vendor": "emc",
"version": "9.4.1"
},
{
"model": "smarts network configuration manager",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "9.3.x"
},
{
"model": "smarts network configuration manager",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "9.4.0.x"
},
{
"model": "smarts network configuration manager",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "9.4.1.x"
},
{
"model": "smarts network configuration manager",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "9.4.2.x"
},
{
"model": "network configuration manager",
"scope": "eq",
"trust": 0.6,
"vendor": "emc",
"version": "9.3.*"
},
{
"model": "network configuration manager",
"scope": "eq",
"trust": 0.6,
"vendor": "emc",
"version": "9.4.0.*"
},
{
"model": "network configuration manager",
"scope": "eq",
"trust": 0.6,
"vendor": "emc",
"version": "9.4.1.*"
},
{
"model": "network configuration manager",
"scope": "eq",
"trust": 0.6,
"vendor": "emc",
"version": "9.4.2.*"
},
{
"model": "smarts network configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "9.4.2.0"
},
{
"model": "smarts network configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "9.4.1.0"
},
{
"model": "smarts network configuration manager",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "9.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32993"
},
{
"db": "BID",
"id": "101194"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009392"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-273"
},
{
"db": "NVD",
"id": "CVE-2017-8017"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emc:smarts_network_configuration_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009392"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lukasz Plonka",
"sources": [
{
"db": "BID",
"id": "101194"
},
{
"db": "PACKETSTORM",
"id": "144524"
}
],
"trust": 0.4
},
"cve": "CVE-2017-8017",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-8017",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-32993",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2017-8017",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-8017",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-8017",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-32993",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-273",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-8017",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32993"
},
{
"db": "VULMON",
"id": "CVE-2017-8017"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009392"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-273"
},
{
"db": "NVD",
"id": "CVE-2017-8017"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system. that enables model-based automated network compliance, change, and configuration management to quickly perform network change and configuration management tasks. A cross-site scripting vulnerability exists in EMCNCM. This vulnerability could be exploited by a remote attacker to control the affected system. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. \n\nLink to remedies:\n\nhttps://support.emc.com/products/31946_Service-Assurance-Suite\n\nCredit:\nEMC would like to thank Lukasz Plonka for reporting this issue. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2\n\niQEcBAEBCAAGBQJZ1mSSAAoJEHbcu+fsE81Zul4H/0rz/w9V+zWyjUowYuYgKWOd\nc03fYbO6BEdJ/HZ05eblXDnNtp3HC6B+Z0PH8PlapfIxvGLezRvb2oidyy/BoNdc\nTMlVsSb9hJWEMykRMWsyT94C/wqzp3Cjm5qi8jFSdzMjfCqbaaAWCpgyg6F1VMCy\nvc6SAGHL9qfBqzQ1f2WR6sZMsG16qu9VgsmLciYPCGhfmqBMiWgdhcOf3cS+aDOO\n6FX2ZrDuumxfFaWoS9+pG5Nz65RHTVljn6t3Xo+NhfQDS/bVbWjv8m/Jd8M0dwuL\ncAZsM2ukWP8DVDX0xFd0CTioPS9s2DyvThacPF1rCn7Q5qC0OgV6cAqcNgRPfsM=\n=QUiL\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-8017"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009392"
},
{
"db": "CNVD",
"id": "CNVD-2017-32993"
},
{
"db": "BID",
"id": "101194"
},
{
"db": "VULMON",
"id": "CVE-2017-8017"
},
{
"db": "PACKETSTORM",
"id": "144524"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-8017",
"trust": 3.5
},
{
"db": "BID",
"id": "101194",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1039517",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009392",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-32993",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201710-273",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-8017",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144524",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32993"
},
{
"db": "VULMON",
"id": "CVE-2017-8017"
},
{
"db": "BID",
"id": "101194"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009392"
},
{
"db": "PACKETSTORM",
"id": "144524"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-273"
},
{
"db": "NVD",
"id": "CVE-2017-8017"
}
]
},
"id": "VAR-201710-1304",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32993"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32993"
}
]
},
"last_update_date": "2025-04-20T23:32:48.549000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Smarts Network Configuration Manager",
"trust": 0.8,
"url": "https://www.emc.com/it-management/smarts/network-configuration-manager.htm"
},
{
"title": "Patch for EMCNetworkConfigurationManager Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/105545"
},
{
"title": "EMC Network Configuration Manager Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75421"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32993"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009392"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-273"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009392"
},
{
"db": "NVD",
"id": "CVE-2017-8017"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://seclists.org/fulldisclosure/2017/oct/11"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/101194"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1039517"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8017"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8017"
},
{
"trust": 0.3,
"url": "http://www.emc.com/"
},
{
"trust": 0.3,
"url": "https://www.emc.com/it-management/smarts/network-configuration-manager.htm"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=55549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://support.emc.com/products/31946_service-assurance-suite"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32993"
},
{
"db": "VULMON",
"id": "CVE-2017-8017"
},
{
"db": "BID",
"id": "101194"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009392"
},
{
"db": "PACKETSTORM",
"id": "144524"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-273"
},
{
"db": "NVD",
"id": "CVE-2017-8017"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-32993"
},
{
"db": "VULMON",
"id": "CVE-2017-8017"
},
{
"db": "BID",
"id": "101194"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009392"
},
{
"db": "PACKETSTORM",
"id": "144524"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-273"
},
{
"db": "NVD",
"id": "CVE-2017-8017"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-32993"
},
{
"date": "2017-10-11T00:00:00",
"db": "VULMON",
"id": "CVE-2017-8017"
},
{
"date": "2017-10-06T00:00:00",
"db": "BID",
"id": "101194"
},
{
"date": "2017-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009392"
},
{
"date": "2017-10-06T20:02:22",
"db": "PACKETSTORM",
"id": "144524"
},
{
"date": "2017-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-273"
},
{
"date": "2017-10-11T19:29:00.393000",
"db": "NVD",
"id": "CVE-2017-8017"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-32993"
},
{
"date": "2017-11-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-8017"
},
{
"date": "2017-10-06T00:00:00",
"db": "BID",
"id": "101194"
},
{
"date": "2017-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009392"
},
{
"date": "2017-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-273"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-8017"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-273"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "EMC Network Configuration Manager Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32993"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-273"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "144524"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-273"
}
],
"trust": 0.7
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…