CVE-2017-14386 - OpenCVE

The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, are affected by a cross-site scripting vulnerability. Attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	2335dn 2335dn Firmware 2355dn 2355dn Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dell:2355dn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:2355dn:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dell:2335dn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:2335dn:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=782W3
http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=CG55V

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2017-12-07T19:00:00

Updated: 2024-08-05T19:27:40.293Z

Reserved: 2017-09-12T00:00:00

Link: CVE-2017-14386

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-12-07T19:29:00.257

Modified: 2017-12-27T16:12:19.847

Link: CVE-2017-14386

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Dell 2335dn Firmware and Dell 2355DN Firmware Version V2.70.45.34, A10 and Version V2.70.06.26, A13", "vendor": "n/a", "versions": [{"status": "affected", "version": "Dell 2335dn Firmware and Dell 2355DN Firmware Version V2.70.45.34, A10 and Version V2.70.06.26, A13"}]}], "datePublic": "2017-12-07T00:00:00", "descriptions": [{"lang": "en", "value": "The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, are affected by a cross-site scripting vulnerability. Attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website."}], "problemTypes": [{"descriptions": [{"description": "Cross-site scripting vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-07T18:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=782W3"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=CG55V"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2017-14386", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Dell 2335dn Firmware and Dell 2355DN Firmware Version V2.70.45.34, A10 and Version V2.70.06.26, A13", "version": {"version_data": [{"version_value": "Dell 2335dn Firmware and Dell 2355DN Firmware Version V2.70.45.34, A10 and Version V2.70.06.26, A13"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, are affected by a cross-site scripting vulnerability. Attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-site scripting vulnerability"}]}]}, "references": {"reference_data": [{"name": "http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=782W3", "refsource": "CONFIRM", "url": "http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=782W3"}, {"name": "http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=CG55V", "refsource": "CONFIRM", "url": "http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=CG55V"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:27:40.293Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=782W3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=CG55V"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2017-14386", "datePublished": "2017-12-07T19:00:00", "dateReserved": "2017-09-12T00:00:00", "dateUpdated": "2024-08-05T19:27:40.293Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:2355dn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D667F590-F2E9-49BD-8B4F-78D794DFA3A0", "versionEndExcluding": "2.70.45.34_a10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:2355dn:-:*:*:*:*:*:*:*", "matchCriteriaId": "D3CDAD04-B6C6-421B-8E81-622DE5F9C55D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:2335dn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3295BA2E-32B7-4054-A3DB-DF69BF8DFDAE", "versionEndExcluding": "2.70.06.26_a13", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:2335dn:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5F3DDB0-4163-4D43-909A-21852E71ECFC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, are affected by a cross-site scripting vulnerability. Attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website."}, {"lang": "es", "value": "La interfaz de usuario web de las impresoras l\u00e1ser multifunci\u00f3n Dell 2335dn y 2355dn, con versiones de firmware anteriores a la V2.70.06.26 A13 y a la V2.70.45.34 A10 respectivamente, se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS). Los atacantes podr\u00edan explotar esta vulnerabilidad para ejecutar HTML o c\u00f3digo JavaScript arbitrarios en la sesi\u00f3n del buscador del usuario, en el contexto de la p\u00e1gina web afectada."}], "id": "CVE-2017-14386", "lastModified": "2017-12-27T16:12:19.847", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-07T19:29:00.257", "references": [{"source": "security_alert@emc.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=782W3"}, {"source": "security_alert@emc.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=CG55V"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}