{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-17T01:39:10.533","vulnerabilities":[{"cve":{"id":"CVE-2017-6634","sourceIdentifier":"psirt@cisco.com","published":"2017-05-22T01:29:00.320","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the Device Manager web interface of Cisco Industrial Ethernet 1000 Series Switches 1.3 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the Device Manager web interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to submit arbitrary requests to an affected device via the Device Manager web interface and with the privileges of the user. Cisco Bug IDs: CSCvc88811."},{"lang":"es","value":"Vulnerabilidad en la interfaz web de Device Manager de Cisco Industrial Ethernet 1000 Series Switches 1.3 podría permitir que un atacante remoto no autenticado lleve a cabo un ataque de falsificación de solicitud entre sitios (CSRF) contra un usuario de un sistema afectado. La vulnerabilidad se debe a la insuficiente protección de CSRF en la interfaz web del Administrador de dispositivos. Un atacante podría explotar esta vulnerabilidad persuadiendo a un usuario de la interfaz para que siga un enlace malicioso o visite un sitio web controlado por un atacante. Una explotación exitosa podría permitir al atacante enviar solicitudes arbitrarias a un dispositivo afectado a través de la interfaz web del Administrador de dispositivos y con los privilegios del usuario. ID de errores de Cisco: CSCvc88811."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:industrial_ethernet_1000_series_firmware:1.3_base:*:*:*:*:*:*:*","matchCriteriaId":"B0025A86-AE05-437E-9E25-1ED9771D74EA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:ie-1000-4p2s-lm:-:*:*:*:*:*:*:*","matchCriteriaId":"676D7094-78C0-48AE-AAE7-3C6F9FB064EB"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:ie-1000-4t1t-lm:-:*:*:*:*:*:*:*","matchCriteriaId":"D10A2ED0-3DF1-484F-A496-8F6611391DAE"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:ie-1000-6t2t-lm:-:*:*:*:*:*:*:*","matchCriteriaId":"4822DF3D-09F0-4717-B495-47C25771773F"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:ie-1000-8p2s-lm:-:*:*:*:*:*:*:*","matchCriteriaId":"F677A328-AC3E-4955-B685-EF457A8CF4CA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/98524","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1038517","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ie1000csrf","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/98524","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1038517","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ie1000csrf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}