CVE-2017-12308: Input Validation
First published: Thu Jan 18 2018(Updated: )
A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco Small Business 300 and 500 Series Managed Switches: Cisco 350 Series Managed Switches, Cisco 350X Series Stackable Managed Switches, Cisco 550X Series Stackable Managed Switches, Cisco ESW2 Series Advanced Switches, Cisco Small Business 300 Series Managed Switches, Cisco Small Business 500 Series Stackable Managed Switches. Cisco Bug IDs: CSCvg29980.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco SG350-10 Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG350-10P | ||
| Cisco SG350-10P | >=1.4.7.0<1.4.9.4 | |
| Cisco SG350-10P | ||
| Cisco SG350-10MP Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG350-10MP | ||
| Cisco SG355-10P | >=1.4.7.0<1.4.9.4 | |
| Cisco SG355-10P | ||
| Cisco SG350-28 Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG350-28 | ||
| Cisco SG350-28P Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG350-28P | ||
| Cisco SG350-28MP Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG350-28MP | ||
| Cisco SF350-48 Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SF350-48P Firmware | ||
| Cisco SF350-48P Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SF350-48P Firmware | ||
| Cisco SF350-48MP Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SF350-48MP Firmware | ||
| Cisco SG350XG-2F10 Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG350XG-2F10 | ||
| Cisco SG350XG-24F Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG350XG-24F Firmware | ||
| Cisco SG350XG-24T Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG350XG-24T Firmware | ||
| Cisco SG350XG-48T Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG350XG-48T Firmware | ||
| Cisco SG350X-24 Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG350X-24 Firmware | ||
| Cisco SG350X-24 Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG350X-24PV | ||
| Cisco SG350X-24MP Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG350X-24MP | ||
| Cisco SG350X-48 Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG350X-48 | ||
| Cisco SG350X-48P Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG350X-48P Firmware | ||
| Cisco SG350X-48MP Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG350X-48MP Firmware | ||
| Cisco SX550X-16FT Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SX550X-16FT | ||
| Cisco SX550X-24FT Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SX550X-24FT | ||
| Cisco SX550X-12F Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SX550X-12F Firmware | ||
| Cisco SX550X-24F Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SX550X-24F Firmware | ||
| Cisco SX550X-24FT Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SX550X-24 | ||
| Cisco SX550X-52 Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SX550X-52 | ||
| Cisco SG550X-24 Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG550X-24 Firmware | ||
| Cisco SG550X-24P Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG550X-24P Firmware | ||
| Cisco SG550X-24MP Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG550X-24MP | ||
| Cisco SG550X-24MPP Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG550X-24MPP | ||
| Cisco SG550X-48MP Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG550X-48T | ||
| Cisco SG550X-48P Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG550X-48P | ||
| Cisco SG550X-48MP Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG550X-48MP | ||
| Cisco SF550X-24 Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SF550X-24 Firmware | ||
| Cisco SF550X-24P Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SF550X-24P | ||
| Cisco SF550X-24MP Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SF550X-24MP | ||
| Cisco SF550X-48 Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SF550X-48 | ||
| Cisco SF550X-48P Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG550X-48P | ||
| Cisco SG550X-48MP Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SF550X-48MP | ||
| Cisco ESW2-350G-52 Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco ESW2-350G-52 | ||
| Cisco ESW2-350G-52DC | >=1.4.7.0<1.4.9.4 | |
| Cisco ESW2-350G-52DC | ||
| Cisco ESW2-550X-48 Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco ESW2-550X-48 | ||
| Cisco ESW2-550X-48DC Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco ESW2-550X-48DC | ||
| Cisco SF302-08PP Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SF302-08PP Firmware | ||
| Cisco SF302-08MPP Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SF302-08MPP | ||
| Cisco SG300-10PP Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG300-10PP Firmware | ||
| Cisco SG300-10MPP Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG300-10MPP Firmware | ||
| Cisco SF300-24PP Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SF300-24PP | ||
| Cisco SF300-48PP Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SF300-48PP Firmware | ||
| Cisco SG300-28PP Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG300-28PP | ||
| Cisco SF300-08 Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SF300-08 Firmware | ||
| Cisco SF300-48P Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SF300-48P Firmware | ||
| Cisco SG300-10MP Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG300-10MP Firmware | ||
| Cisco SG300-10P Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG300-10P | ||
| Cisco SG300-10 Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG300-10 | ||
| Cisco SG300-28P Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG300-28P | ||
| Cisco SF300-24P | >=1.4.7.0<1.4.9.4 | |
| Cisco SF300-24P | ||
| Cisco SF302-08MP Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SF302-08MP | ||
| Cisco SG300-28 Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG300-28 | ||
| Cisco SF300-48P Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SF300-48 | ||
| Cisco SG300-20 Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG300-20 Firmware | ||
| Cisco SF302-08P Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SF302-08P Firmware | ||
| Cisco SG300-52 Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG300-52 | ||
| Cisco SF300-24P Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SF300-24 | ||
| Cisco SF302-08 Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SF302-08 | ||
| Cisco sf300-24mp firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SF300-24MP | ||
| Cisco SG300-10SFP Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG300-10SFP Firmware | ||
| Cisco SG300-28MP | >=1.4.7.0<1.4.9.4 | |
| Cisco SG300-28MP | ||
| Cisco SG300-52P Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG300-52P | ||
| Cisco SG300-52MP Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG300-52MP | ||
| Cisco SG500-28PP Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG500-28MPP Firmware | ||
| Cisco SG500-52MP | >=1.4.7.0<1.4.9.4 | |
| Cisco SG500-52 | ||
| Cisco SG500XG-8F8T Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SG500XG-8F8T Firmware | ||
| Cisco SF500-24 | >=1.4.7.0<1.4.9.4 | |
| Cisco SF500-24MP | ||
| Cisco SF500-24P | >=1.4.7.0<1.4.9.4 | |
| Cisco SF500-24P Firmware | ||
| Cisco SF500-48P Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SF500-48 Firmware | ||
| Cisco SF500-48P Firmware | >=1.4.7.0<1.4.9.4 | |
| Cisco SF500-48 Firmware | ||
| Cisco SG500-28 | >=1.4.7.0<1.4.9.4 | |
| Cisco SG500-28PP Firmware | ||
| Cisco SG500-28P | >=1.4.7.0<1.4.9.4 | |
| Cisco SG500-28P | ||
| Cisco SG500-52P | >=1.4.7.0<1.4.9.4 | |
| Cisco SG500-52 Firmware | ||
| Cisco SG500-52P | >=1.4.7.0<1.4.9.4 | |
| Cisco SG500-52P | ||
| Cisco SG500X-24 | >=1.4.7.0<1.4.9.4 | |
| Cisco SG500X-24P | ||
| Cisco SG500X-24P | >=1.4.7.0<1.4.9.4 | |
| Cisco SG500X-24P | ||
| Cisco SG500X-48 | >=1.4.7.0<1.4.9.4 | |
| Cisco SG500X-48MP Firmware | ||
| Cisco SG500X-48P | >=1.4.7.0<1.4.9.4 | |
| Cisco SG500X-48P |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-12308?
CVE-2017-12308 has a medium severity rating that may allow attackers to conduct HTTP response splitting attacks.
How do I fix CVE-2017-12308?
To fix CVE-2017-12308, upgrade the affected Cisco Small Business Managed Switches to a patched version of the firmware beyond 1.4.9.4.
Which Cisco devices are affected by CVE-2017-12308?
CVE-2017-12308 affects several models including Cisco SG350, SG355, and SF350 series with specific firmware versions.
Can CVE-2017-12308 be exploited remotely?
Yes, CVE-2017-12308 can be exploited by unauthenticated remote attackers through the web interface of the affected devices.
What are the implications of CVE-2017-12308?
Exploiting CVE-2017-12308 could lead to session hijacking and content injection on the systems using the vulnerable Cisco firmware.
- agent/type
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco sg350-10 firmware
- version/cisco sg350-10 firmware/1.4.7.0
- canonical/cisco sg350-10p
- version/cisco sg350-10p/1.4.7.0
- canonical/cisco sg350-10mp firmware
- version/cisco sg350-10mp firmware/1.4.7.0
- canonical/cisco sg350-10mp
- canonical/cisco sg355-10p
- version/cisco sg355-10p/1.4.7.0
- canonical/cisco sg350-28 firmware
- version/cisco sg350-28 firmware/1.4.7.0
- canonical/cisco sg350-28
- canonical/cisco sg350-28p firmware
- version/cisco sg350-28p firmware/1.4.7.0
- canonical/cisco sg350-28p
- canonical/cisco sg350-28mp firmware
- version/cisco sg350-28mp firmware/1.4.7.0
- canonical/cisco sg350-28mp
- canonical/cisco sf350-48 firmware
- version/cisco sf350-48 firmware/1.4.7.0
- canonical/cisco sf350-48p firmware
- version/cisco sf350-48p firmware/1.4.7.0
- canonical/cisco sf350-48mp firmware
- version/cisco sf350-48mp firmware/1.4.7.0
- canonical/cisco sg350xg-2f10 firmware
- version/cisco sg350xg-2f10 firmware/1.4.7.0
- canonical/cisco sg350xg-2f10
- canonical/cisco sg350xg-24f firmware
- version/cisco sg350xg-24f firmware/1.4.7.0
- canonical/cisco sg350xg-24t firmware
- version/cisco sg350xg-24t firmware/1.4.7.0
- canonical/cisco sg350xg-48t firmware
- version/cisco sg350xg-48t firmware/1.4.7.0
- canonical/cisco sg350x-24 firmware
- version/cisco sg350x-24 firmware/1.4.7.0
- canonical/cisco sg350x-24pv
- canonical/cisco sg350x-24mp firmware
- version/cisco sg350x-24mp firmware/1.4.7.0
- canonical/cisco sg350x-24mp
- canonical/cisco sg350x-48 firmware
- version/cisco sg350x-48 firmware/1.4.7.0
- canonical/cisco sg350x-48
- canonical/cisco sg350x-48p firmware
- version/cisco sg350x-48p firmware/1.4.7.0
- canonical/cisco sg350x-48mp firmware
- version/cisco sg350x-48mp firmware/1.4.7.0
- canonical/cisco sx550x-16ft firmware
- version/cisco sx550x-16ft firmware/1.4.7.0
- canonical/cisco sx550x-16ft
- canonical/cisco sx550x-24ft firmware
- version/cisco sx550x-24ft firmware/1.4.7.0
- canonical/cisco sx550x-24ft
- canonical/cisco sx550x-12f firmware
- version/cisco sx550x-12f firmware/1.4.7.0
- canonical/cisco sx550x-24f firmware
- version/cisco sx550x-24f firmware/1.4.7.0
- canonical/cisco sx550x-24
- canonical/cisco sx550x-52 firmware
- version/cisco sx550x-52 firmware/1.4.7.0
- canonical/cisco sx550x-52
- canonical/cisco sg550x-24 firmware
- version/cisco sg550x-24 firmware/1.4.7.0
- canonical/cisco sg550x-24p firmware
- version/cisco sg550x-24p firmware/1.4.7.0
- canonical/cisco sg550x-24mp firmware
- version/cisco sg550x-24mp firmware/1.4.7.0
- canonical/cisco sg550x-24mp
- canonical/cisco sg550x-24mpp firmware
- version/cisco sg550x-24mpp firmware/1.4.7.0
- canonical/cisco sg550x-24mpp
- canonical/cisco sg550x-48mp firmware
- version/cisco sg550x-48mp firmware/1.4.7.0
- canonical/cisco sg550x-48t
- canonical/cisco sg550x-48p firmware
- version/cisco sg550x-48p firmware/1.4.7.0
- canonical/cisco sg550x-48p
- canonical/cisco sg550x-48mp
- canonical/cisco sf550x-24 firmware
- version/cisco sf550x-24 firmware/1.4.7.0
- canonical/cisco sf550x-24p firmware
- version/cisco sf550x-24p firmware/1.4.7.0
- canonical/cisco sf550x-24p
- canonical/cisco sf550x-24mp firmware
- version/cisco sf550x-24mp firmware/1.4.7.0
- canonical/cisco sf550x-24mp
- canonical/cisco sf550x-48 firmware
- version/cisco sf550x-48 firmware/1.4.7.0
- canonical/cisco sf550x-48
- canonical/cisco sf550x-48p firmware
- version/cisco sf550x-48p firmware/1.4.7.0
- canonical/cisco sf550x-48mp
- canonical/cisco esw2-350g-52 firmware
- version/cisco esw2-350g-52 firmware/1.4.7.0
- canonical/cisco esw2-350g-52
- canonical/cisco esw2-350g-52dc
- version/cisco esw2-350g-52dc/1.4.7.0
- canonical/cisco esw2-550x-48 firmware
- version/cisco esw2-550x-48 firmware/1.4.7.0
- canonical/cisco esw2-550x-48
- canonical/cisco esw2-550x-48dc firmware
- version/cisco esw2-550x-48dc firmware/1.4.7.0
- canonical/cisco esw2-550x-48dc
- canonical/cisco sf302-08pp firmware
- version/cisco sf302-08pp firmware/1.4.7.0
- canonical/cisco sf302-08mpp firmware
- version/cisco sf302-08mpp firmware/1.4.7.0
- canonical/cisco sf302-08mpp
- canonical/cisco sg300-10pp firmware
- version/cisco sg300-10pp firmware/1.4.7.0
- canonical/cisco sg300-10mpp firmware
- version/cisco sg300-10mpp firmware/1.4.7.0
- canonical/cisco sf300-24pp firmware
- version/cisco sf300-24pp firmware/1.4.7.0
- canonical/cisco sf300-24pp
- canonical/cisco sf300-48pp firmware
- version/cisco sf300-48pp firmware/1.4.7.0
- canonical/cisco sg300-28pp firmware
- version/cisco sg300-28pp firmware/1.4.7.0
- canonical/cisco sg300-28pp
- canonical/cisco sf300-08 firmware
- version/cisco sf300-08 firmware/1.4.7.0
- canonical/cisco sf300-48p firmware
- version/cisco sf300-48p firmware/1.4.7.0
- canonical/cisco sg300-10mp firmware
- version/cisco sg300-10mp firmware/1.4.7.0
- canonical/cisco sg300-10p firmware
- version/cisco sg300-10p firmware/1.4.7.0
- canonical/cisco sg300-10p
- canonical/cisco sg300-10 firmware
- version/cisco sg300-10 firmware/1.4.7.0
- canonical/cisco sg300-10
- canonical/cisco sg300-28p firmware
- version/cisco sg300-28p firmware/1.4.7.0
- canonical/cisco sg300-28p
- canonical/cisco sf300-24p
- version/cisco sf300-24p/1.4.7.0
- canonical/cisco sf302-08mp firmware
- version/cisco sf302-08mp firmware/1.4.7.0
- canonical/cisco sf302-08mp
- canonical/cisco sg300-28 firmware
- version/cisco sg300-28 firmware/1.4.7.0
- canonical/cisco sg300-28
- canonical/cisco sf300-48
- canonical/cisco sg300-20 firmware
- version/cisco sg300-20 firmware/1.4.7.0
- canonical/cisco sf302-08p firmware
- version/cisco sf302-08p firmware/1.4.7.0
- canonical/cisco sg300-52 firmware
- version/cisco sg300-52 firmware/1.4.7.0
- canonical/cisco sg300-52
- canonical/cisco sf300-24p firmware
- version/cisco sf300-24p firmware/1.4.7.0
- canonical/cisco sf300-24
- canonical/cisco sf302-08 firmware
- version/cisco sf302-08 firmware/1.4.7.0
- canonical/cisco sf302-08
- canonical/cisco sf300-24mp firmware
- version/cisco sf300-24mp firmware/1.4.7.0
- canonical/cisco sf300-24mp
- canonical/cisco sg300-10sfp firmware
- version/cisco sg300-10sfp firmware/1.4.7.0
- canonical/cisco sg300-28mp
- version/cisco sg300-28mp/1.4.7.0
- canonical/cisco sg300-52p firmware
- version/cisco sg300-52p firmware/1.4.7.0
- canonical/cisco sg300-52p
- canonical/cisco sg300-52mp firmware
- version/cisco sg300-52mp firmware/1.4.7.0
- canonical/cisco sg300-52mp
- canonical/cisco sg500-28pp firmware
- version/cisco sg500-28pp firmware/1.4.7.0
- canonical/cisco sg500-28mpp firmware
- canonical/cisco sg500-52mp
- version/cisco sg500-52mp/1.4.7.0
- canonical/cisco sg500-52
- canonical/cisco sg500xg-8f8t firmware
- version/cisco sg500xg-8f8t firmware/1.4.7.0
- canonical/cisco sf500-24
- version/cisco sf500-24/1.4.7.0
- canonical/cisco sf500-24mp
- canonical/cisco sf500-24p
- version/cisco sf500-24p/1.4.7.0
- canonical/cisco sf500-24p firmware
- canonical/cisco sf500-48p firmware
- version/cisco sf500-48p firmware/1.4.7.0
- canonical/cisco sf500-48 firmware
- canonical/cisco sg500-28
- version/cisco sg500-28/1.4.7.0
- canonical/cisco sg500-28p
- version/cisco sg500-28p/1.4.7.0
- canonical/cisco sg500-52p
- version/cisco sg500-52p/1.4.7.0
- canonical/cisco sg500-52 firmware
- canonical/cisco sg500x-24
- version/cisco sg500x-24/1.4.7.0
- canonical/cisco sg500x-24p
- version/cisco sg500x-24p/1.4.7.0
- canonical/cisco sg500x-48
- version/cisco sg500x-48/1.4.7.0
- canonical/cisco sg500x-48mp firmware
- canonical/cisco sg500x-48p
- version/cisco sg500x-48p/1.4.7.0