What is the severity of CVE-2017-12307?

CVE-2017-12307 has a high severity rating due to its potential for reflected cross-site scripting (XSS) attacks.

How do I fix CVE-2017-12307?

To fix CVE-2017-12307, update the affected Cisco Small Business Managed Switches software to version 1.4.9.4 or later.

What types of Cisco devices are affected by CVE-2017-12307?

CVE-2017-12307 affects multiple models including Cisco SG350-10, SG350-28, and others within the Small Business Managed Switches series.

Can CVE-2017-12307 be exploited remotely?

Yes, CVE-2017-12307 can be exploited by an unauthenticated remote attacker targeting users of the web interface.

What is the impact of a successful exploit of CVE-2017-12307?

A successful exploit of CVE-2017-12307 allows the attacker to execute arbitrary scripts in the context of the user's session.

Vulnerability/
CVE-2017-12307

medium

6.1

CWE

79 20

18/1/2018

2/12/2024

CVE-2017-12307: XSS

First published: Thu Jan 18 2018(Updated: )

A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting and injecting code into a user request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco Small Business 300 and 500 Series Managed Switches: Cisco Small Business 300 Series Managed Switches, Cisco Small Business 500 Series Stackable Managed Switches, Cisco 350 Series Managed Switches, Cisco 350X Series Stackable Managed Switches, Cisco 550X Series Stackable Managed Switches, Cisco ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvg24637.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco SG350-10 Firmware	>=1.4.7.0<1.4.9.4
Cisco SG350-10P
Cisco SG350-10P	>=1.4.7.0<1.4.9.4
Cisco SG350-10P
Cisco SG350-10MP Firmware	>=1.4.7.0<1.4.9.4
Cisco SG350-10MP
Cisco SG355-10P	>=1.4.7.0<1.4.9.4
Cisco SG355-10P
Cisco SG350-28 Firmware	>=1.4.7.0<1.4.9.4
Cisco SG350-28
Cisco SG350-28P Firmware	>=1.4.7.0<1.4.9.4
Cisco SG350-28P
Cisco SG350-28MP Firmware	>=1.4.7.0<1.4.9.4
Cisco SG350-28MP
Cisco SF350-48 Firmware	>=1.4.7.0<1.4.9.4
Cisco SF350-48P Firmware
Cisco SF350-48P Firmware	>=1.4.7.0<1.4.9.4
Cisco SF350-48P Firmware
Cisco SF350-48MP Firmware	>=1.4.7.0<1.4.9.4
Cisco SF350-48MP Firmware
Cisco SG350XG-2F10 Firmware	>=1.4.7.0<1.4.9.4
Cisco SG350XG-2F10
Cisco SG350XG-24F Firmware	>=1.4.7.0<1.4.9.4
Cisco SG350XG-24F Firmware
Cisco SG350XG-24T Firmware	>=1.4.7.0<1.4.9.4
Cisco SG350XG-24T Firmware
Cisco SG350XG-48T Firmware	>=1.4.7.0<1.4.9.4
Cisco SG350XG-48T Firmware
Cisco SG350X-24 Firmware	>=1.4.7.0<1.4.9.4
Cisco SG350X-24 Firmware
Cisco SG350X-24 Firmware	>=1.4.7.0<1.4.9.4
Cisco SG350X-24PV
Cisco SG350X-24MP Firmware	>=1.4.7.0<1.4.9.4
Cisco SG350X-24MP
Cisco SG350X-48 Firmware	>=1.4.7.0<1.4.9.4
Cisco SG350X-48
Cisco SG350X-48P Firmware	>=1.4.7.0<1.4.9.4
Cisco SG350X-48P Firmware
Cisco SG350X-48MP Firmware	>=1.4.7.0<1.4.9.4
Cisco SG350X-48MP Firmware
Cisco SX550X-16FT Firmware	>=1.4.7.0<1.4.9.4
Cisco SX550X-16FT
Cisco SX550X-24FT Firmware	>=1.4.7.0<1.4.9.4
Cisco SX550X-24FT
Cisco SX550X-12F Firmware	>=1.4.7.0<1.4.9.4
Cisco SX550X-12F Firmware
Cisco SX550X-24F Firmware	>=1.4.7.0<1.4.9.4
Cisco SX550X-24F Firmware
Cisco SX550X-24FT Firmware	>=1.4.7.0<1.4.9.4
Cisco SX550X-24
Cisco SX550X-52 Firmware	>=1.4.7.0<1.4.9.4
Cisco SX550X-52
Cisco SG550X-24 Firmware	>=1.4.7.0<1.4.9.4
Cisco SG550X-24 Firmware
Cisco SG550X-24P Firmware	>=1.4.7.0<1.4.9.4
Cisco SG550X-24P Firmware
Cisco SG550X-24MP Firmware	>=1.4.7.0<1.4.9.4
Cisco SG550X-24MP
Cisco SG550X-24MPP Firmware	>=1.4.7.0<1.4.9.4
Cisco SG550X-24MPP
Cisco SG550X-48MP Firmware	>=1.4.7.0<1.4.9.4
Cisco SG550X-48T
Cisco SG550X-48P Firmware	>=1.4.7.0<1.4.9.4
Cisco SG550X-48P
Cisco SG550X-48MP Firmware	>=1.4.7.0<1.4.9.4
Cisco SG550X-48MP
Cisco SF550X-24 Firmware	>=1.4.7.0<1.4.9.4
Cisco SF550X-24 Firmware
Cisco SF550X-24P Firmware	>=1.4.7.0<1.4.9.4
Cisco SF550X-24P
Cisco SF550X-24MP Firmware	>=1.4.7.0<1.4.9.4
Cisco SF550X-24MP
Cisco SF550X-48 Firmware	>=1.4.7.0<1.4.9.4
Cisco SF550X-48
Cisco SF550X-48P Firmware	>=1.4.7.0<1.4.9.4
Cisco SG550X-48P
Cisco SG550X-48MP Firmware	>=1.4.7.0<1.4.9.4
Cisco SF550X-48MP
Cisco ESW2-350G-52 Firmware	>=1.4.7.0<1.4.9.4
Cisco ESW2-350G-52
Cisco ESW2-350G-52DC	>=1.4.7.0<1.4.9.4
Cisco ESW2-350G-52DC
Cisco ESW2-550X-48 Firmware	>=1.4.7.0<1.4.9.4
Cisco ESW2-550X-48
Cisco ESW2-550X-48DC Firmware	>=1.4.7.0<1.4.9.4
Cisco ESW2-550X-48DC
Cisco SF302-08PP Firmware	>=1.4.7.0<1.4.9.4
Cisco SF302-08PP Firmware
Cisco SF302-08MPP Firmware	>=1.4.7.0<1.4.9.4
Cisco SF302-08MPP
Cisco SG300-10PP Firmware	>=1.4.7.0<1.4.9.4
Cisco SG300-10PP Firmware
Cisco SG300-10MPP Firmware	>=1.4.7.0<1.4.9.4
Cisco SG300-10MPP Firmware
Cisco SF300-24PP Firmware	>=1.4.7.0<1.4.9.4
Cisco SF300-24PP
Cisco SF300-48PP Firmware	>=1.4.7.0<1.4.9.4
Cisco SF300-48PP Firmware
Cisco SG300-28PP Firmware	>=1.4.7.0<1.4.9.4
Cisco SG300-28PP
Cisco SF300-08 Firmware	>=1.4.7.0<1.4.9.4
Cisco SF300-08 Firmware
Cisco SF300-48P Firmware	>=1.4.7.0<1.4.9.4
Cisco SF300-48P Firmware
Cisco SG300-10MP Firmware	>=1.4.7.0<1.4.9.4
Cisco SG300-10MP Firmware
Cisco SG300-10P Firmware	>=1.4.7.0<1.4.9.4
Cisco SG300-10P
Cisco SG300-10 Firmware	>=1.4.7.0<1.4.9.4
Cisco SG300-10
Cisco SG300-28P Firmware	>=1.4.7.0<1.4.9.4
Cisco SG300-28P
Cisco SF300-24P	>=1.4.7.0<1.4.9.4
Cisco SF300-24P
Cisco SF302-08MP Firmware	>=1.4.7.0<1.4.9.4
Cisco SF302-08MP
Cisco SG300-28 Firmware	>=1.4.7.0<1.4.9.4
Cisco SG300-28
Cisco SF300-48P Firmware	>=1.4.7.0<1.4.9.4
Cisco SF300-48
Cisco SG300-20 Firmware	>=1.4.7.0<1.4.9.4
Cisco SG300-20 Firmware
Cisco SF302-08P Firmware	>=1.4.7.0<1.4.9.4
Cisco SF302-08P Firmware
Cisco SG300-52 Firmware	>=1.4.7.0<1.4.9.4
Cisco SG300-52
Cisco SF300-24P Firmware	>=1.4.7.0<1.4.9.4
Cisco SF300-24
Cisco SF302-08 Firmware	>=1.4.7.0<1.4.9.4
Cisco SF302-08
Cisco sf300-24mp firmware	>=1.4.7.0<1.4.9.4
Cisco SF300-24MP
Cisco SG300-10SFP Firmware	>=1.4.7.0<1.4.9.4
Cisco SG300-10SFP Firmware
Cisco SG300-28MP	>=1.4.7.0<1.4.9.4
Cisco SG300-28MP
Cisco SG300-52P Firmware	>=1.4.7.0<1.4.9.4
Cisco SG300-52P
Cisco SG300-52MP Firmware	>=1.4.7.0<1.4.9.4
Cisco SG300-52MP
Cisco SG500-28PP Firmware	>=1.4.7.0<1.4.9.4
Cisco SG500-28MPP Firmware
Cisco SG500-52MP	>=1.4.7.0<1.4.9.4
Cisco SG500-52
Cisco SG500XG-8F8T Firmware	>=1.4.7.0<1.4.9.4
Cisco SG500XG-8F8T Firmware
Cisco SF500-24	>=1.4.7.0<1.4.9.4
Cisco SF500-24MP
Cisco SF500-24P	>=1.4.7.0<1.4.9.4
Cisco SF500-24P Firmware
Cisco SF500-48P Firmware	>=1.4.7.0<1.4.9.4
Cisco SF500-48 Firmware
Cisco SF500-48P Firmware	>=1.4.7.0<1.4.9.4
Cisco SF500-48 Firmware
Cisco SG500-28	>=1.4.7.0<1.4.9.4
Cisco SG500-28PP Firmware
Cisco SG500-28P	>=1.4.7.0<1.4.9.4
Cisco SG500-28P
Cisco SG500-52P	>=1.4.7.0<1.4.9.4
Cisco SG500-52 Firmware
Cisco SG500-52P	>=1.4.7.0<1.4.9.4
Cisco SG500-52P
Cisco SG500X-24	>=1.4.7.0<1.4.9.4
Cisco SG500X-24P
Cisco SG500X-24P	>=1.4.7.0<1.4.9.4
Cisco SG500X-24P
Cisco SG500X-48	>=1.4.7.0<1.4.9.4
Cisco SG500X-48MP Firmware
Cisco SG500X-48P	>=1.4.7.0<1.4.9.4
Cisco SG500X-48P

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-12307?
CVE-2017-12307 has a high severity rating due to its potential for reflected cross-site scripting (XSS) attacks.
How do I fix CVE-2017-12307?
To fix CVE-2017-12307, update the affected Cisco Small Business Managed Switches software to version 1.4.9.4 or later.
What types of Cisco devices are affected by CVE-2017-12307?
CVE-2017-12307 affects multiple models including Cisco SG350-10, SG350-28, and others within the Small Business Managed Switches series.
Can CVE-2017-12307 be exploited remotely?
Yes, CVE-2017-12307 can be exploited by an unauthenticated remote attacker targeting users of the web interface.
What is the impact of a successful exploit of CVE-2017-12307?
A successful exploit of CVE-2017-12307 allows the attacker to execute arbitrary scripts in the context of the user's session.

agent/references
agent/type
agent/weakness
agent/severity
agent/author
agent/description
agent/first-publish-date
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco sg350-10 firmware
version/cisco sg350-10 firmware/1.4.7.0
canonical/cisco sg350-10p
version/cisco sg350-10p/1.4.7.0
canonical/cisco sg350-10mp firmware
version/cisco sg350-10mp firmware/1.4.7.0
canonical/cisco sg350-10mp
canonical/cisco sg355-10p
version/cisco sg355-10p/1.4.7.0
canonical/cisco sg350-28 firmware
version/cisco sg350-28 firmware/1.4.7.0
canonical/cisco sg350-28
canonical/cisco sg350-28p firmware
version/cisco sg350-28p firmware/1.4.7.0
canonical/cisco sg350-28p
canonical/cisco sg350-28mp firmware
version/cisco sg350-28mp firmware/1.4.7.0
canonical/cisco sg350-28mp
canonical/cisco sf350-48 firmware
version/cisco sf350-48 firmware/1.4.7.0
canonical/cisco sf350-48p firmware
version/cisco sf350-48p firmware/1.4.7.0
canonical/cisco sf350-48mp firmware
version/cisco sf350-48mp firmware/1.4.7.0
canonical/cisco sg350xg-2f10 firmware
version/cisco sg350xg-2f10 firmware/1.4.7.0
canonical/cisco sg350xg-2f10
canonical/cisco sg350xg-24f firmware
version/cisco sg350xg-24f firmware/1.4.7.0
canonical/cisco sg350xg-24t firmware
version/cisco sg350xg-24t firmware/1.4.7.0
canonical/cisco sg350xg-48t firmware
version/cisco sg350xg-48t firmware/1.4.7.0
canonical/cisco sg350x-24 firmware
version/cisco sg350x-24 firmware/1.4.7.0
canonical/cisco sg350x-24pv
canonical/cisco sg350x-24mp firmware
version/cisco sg350x-24mp firmware/1.4.7.0
canonical/cisco sg350x-24mp
canonical/cisco sg350x-48 firmware
version/cisco sg350x-48 firmware/1.4.7.0
canonical/cisco sg350x-48
canonical/cisco sg350x-48p firmware
version/cisco sg350x-48p firmware/1.4.7.0
canonical/cisco sg350x-48mp firmware
version/cisco sg350x-48mp firmware/1.4.7.0
canonical/cisco sx550x-16ft firmware
version/cisco sx550x-16ft firmware/1.4.7.0
canonical/cisco sx550x-16ft
canonical/cisco sx550x-24ft firmware
version/cisco sx550x-24ft firmware/1.4.7.0
canonical/cisco sx550x-24ft
canonical/cisco sx550x-12f firmware
version/cisco sx550x-12f firmware/1.4.7.0
canonical/cisco sx550x-24f firmware
version/cisco sx550x-24f firmware/1.4.7.0
canonical/cisco sx550x-24
canonical/cisco sx550x-52 firmware
version/cisco sx550x-52 firmware/1.4.7.0
canonical/cisco sx550x-52
canonical/cisco sg550x-24 firmware
version/cisco sg550x-24 firmware/1.4.7.0
canonical/cisco sg550x-24p firmware
version/cisco sg550x-24p firmware/1.4.7.0
canonical/cisco sg550x-24mp firmware
version/cisco sg550x-24mp firmware/1.4.7.0
canonical/cisco sg550x-24mp
canonical/cisco sg550x-24mpp firmware
version/cisco sg550x-24mpp firmware/1.4.7.0
canonical/cisco sg550x-24mpp
canonical/cisco sg550x-48mp firmware
version/cisco sg550x-48mp firmware/1.4.7.0
canonical/cisco sg550x-48t
canonical/cisco sg550x-48p firmware
version/cisco sg550x-48p firmware/1.4.7.0
canonical/cisco sg550x-48p
canonical/cisco sg550x-48mp
canonical/cisco sf550x-24 firmware
version/cisco sf550x-24 firmware/1.4.7.0
canonical/cisco sf550x-24p firmware
version/cisco sf550x-24p firmware/1.4.7.0
canonical/cisco sf550x-24p
canonical/cisco sf550x-24mp firmware
version/cisco sf550x-24mp firmware/1.4.7.0
canonical/cisco sf550x-24mp
canonical/cisco sf550x-48 firmware
version/cisco sf550x-48 firmware/1.4.7.0
canonical/cisco sf550x-48
canonical/cisco sf550x-48p firmware
version/cisco sf550x-48p firmware/1.4.7.0
canonical/cisco sf550x-48mp
canonical/cisco esw2-350g-52 firmware
version/cisco esw2-350g-52 firmware/1.4.7.0
canonical/cisco esw2-350g-52
canonical/cisco esw2-350g-52dc
version/cisco esw2-350g-52dc/1.4.7.0
canonical/cisco esw2-550x-48 firmware
version/cisco esw2-550x-48 firmware/1.4.7.0
canonical/cisco esw2-550x-48
canonical/cisco esw2-550x-48dc firmware
version/cisco esw2-550x-48dc firmware/1.4.7.0
canonical/cisco esw2-550x-48dc
canonical/cisco sf302-08pp firmware
version/cisco sf302-08pp firmware/1.4.7.0
canonical/cisco sf302-08mpp firmware
version/cisco sf302-08mpp firmware/1.4.7.0
canonical/cisco sf302-08mpp
canonical/cisco sg300-10pp firmware
version/cisco sg300-10pp firmware/1.4.7.0
canonical/cisco sg300-10mpp firmware
version/cisco sg300-10mpp firmware/1.4.7.0
canonical/cisco sf300-24pp firmware
version/cisco sf300-24pp firmware/1.4.7.0
canonical/cisco sf300-24pp
canonical/cisco sf300-48pp firmware
version/cisco sf300-48pp firmware/1.4.7.0
canonical/cisco sg300-28pp firmware
version/cisco sg300-28pp firmware/1.4.7.0
canonical/cisco sg300-28pp
canonical/cisco sf300-08 firmware
version/cisco sf300-08 firmware/1.4.7.0
canonical/cisco sf300-48p firmware
version/cisco sf300-48p firmware/1.4.7.0
canonical/cisco sg300-10mp firmware
version/cisco sg300-10mp firmware/1.4.7.0
canonical/cisco sg300-10p firmware
version/cisco sg300-10p firmware/1.4.7.0
canonical/cisco sg300-10p
canonical/cisco sg300-10 firmware
version/cisco sg300-10 firmware/1.4.7.0
canonical/cisco sg300-10
canonical/cisco sg300-28p firmware
version/cisco sg300-28p firmware/1.4.7.0
canonical/cisco sg300-28p
canonical/cisco sf300-24p
version/cisco sf300-24p/1.4.7.0
canonical/cisco sf302-08mp firmware
version/cisco sf302-08mp firmware/1.4.7.0
canonical/cisco sf302-08mp
canonical/cisco sg300-28 firmware
version/cisco sg300-28 firmware/1.4.7.0
canonical/cisco sg300-28
canonical/cisco sf300-48
canonical/cisco sg300-20 firmware
version/cisco sg300-20 firmware/1.4.7.0
canonical/cisco sf302-08p firmware
version/cisco sf302-08p firmware/1.4.7.0
canonical/cisco sg300-52 firmware
version/cisco sg300-52 firmware/1.4.7.0
canonical/cisco sg300-52
canonical/cisco sf300-24p firmware
version/cisco sf300-24p firmware/1.4.7.0
canonical/cisco sf300-24
canonical/cisco sf302-08 firmware
version/cisco sf302-08 firmware/1.4.7.0
canonical/cisco sf302-08
canonical/cisco sf300-24mp firmware
version/cisco sf300-24mp firmware/1.4.7.0
canonical/cisco sf300-24mp
canonical/cisco sg300-10sfp firmware
version/cisco sg300-10sfp firmware/1.4.7.0
canonical/cisco sg300-28mp
version/cisco sg300-28mp/1.4.7.0
canonical/cisco sg300-52p firmware
version/cisco sg300-52p firmware/1.4.7.0
canonical/cisco sg300-52p
canonical/cisco sg300-52mp firmware
version/cisco sg300-52mp firmware/1.4.7.0
canonical/cisco sg300-52mp
canonical/cisco sg500-28pp firmware
version/cisco sg500-28pp firmware/1.4.7.0
canonical/cisco sg500-28mpp firmware
canonical/cisco sg500-52mp
version/cisco sg500-52mp/1.4.7.0
canonical/cisco sg500-52
canonical/cisco sg500xg-8f8t firmware
version/cisco sg500xg-8f8t firmware/1.4.7.0
canonical/cisco sf500-24
version/cisco sf500-24/1.4.7.0
canonical/cisco sf500-24mp
canonical/cisco sf500-24p
version/cisco sf500-24p/1.4.7.0
canonical/cisco sf500-24p firmware
canonical/cisco sf500-48p firmware
version/cisco sf500-48p firmware/1.4.7.0
canonical/cisco sf500-48 firmware
canonical/cisco sg500-28
version/cisco sg500-28/1.4.7.0
canonical/cisco sg500-28p
version/cisco sg500-28p/1.4.7.0
canonical/cisco sg500-52p
version/cisco sg500-52p/1.4.7.0
canonical/cisco sg500-52 firmware
canonical/cisco sg500x-24
version/cisco sg500x-24/1.4.7.0
canonical/cisco sg500x-24p
version/cisco sg500x-24p/1.4.7.0
canonical/cisco sg500x-48
version/cisco sg500x-48/1.4.7.0
canonical/cisco sg500x-48mp firmware
canonical/cisco sg500x-48p
version/cisco sg500x-48p/1.4.7.0