Sign-up

ID

VAR-201702-0801


CVE

CVE-2017-3801


TITLE

Cisco UCS Director of Web Base of GUI Vulnerable to elevation of privilege

Trust: 0.8

sources: JVNDB: JVNDB-2017-001675

DESCRIPTION

A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control (RBAC) after the Developer Menu is enabled in Cisco UCS Director. An attacker could exploit this vulnerability by enabling Developer Mode for his/her user profile with an end-user profile and then adding new catalogs with arbitrary workflow items to his/her profile. An exploit could allow an attacker to perform any actions defined by these workflow items, including actions affecting other tenants. Cisco Bug IDs: CSCvb64765. An attacker can leverage this issue to gain elevated privileges. This may aid in further attacks. Cisco UCS Director versions 6.0.0.0 and 6.0.0.1 are vulnerable. The solution supports users to manage computing power, network services, storage, and virtual machines from a single management console to deploy and release IT services more quickly and at low cost. A local attacker could exploit this vulnerability to perform arbitrary operations

Trust: 1.98

sources: NVD: CVE-2017-3801 // JVNDB: JVNDB-2017-001675 // BID: 96235 // VULHUB: VHN-112004

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing system directorscope:eqversion:6.0.0.0

Trust: 2.4

vendor:ciscomodel:unified computing system directorscope:eqversion:6.0.0.1

Trust: 2.4

vendor:ciscomodel:ucs directorscope:eqversion:6.0.0.1

Trust: 0.3

vendor:ciscomodel:ucs directorscope:eqversion:6.0.0.0

Trust: 0.3

vendor:ciscomodel:ucs directorscope:neversion:6.0.1.0

Trust: 0.3

sources: BID: 96235 // JVNDB: JVNDB-2017-001675 // NVD: CVE-2017-3801 // CNNVD: CNNVD-201702-544

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2017-3801
value: HIGH

Trust: 1.8

CNNVD: CNNVD-201702-544
value: HIGH

Trust: 0.6

VULHUB: VHN-112004
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2017-3801
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-112004
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.0
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2017-3801
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-112004 // JVNDB: JVNDB-2017-001675 // NVD: CVE-2017-3801 // CNNVD: CNNVD-201702-544

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-112004 // JVNDB: JVNDB-2017-001675 // NVD: CVE-2017-3801

THREAT TYPE

local

Trust: 0.9

sources: BID: 96235 // CNNVD: CNNVD-201702-544

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201702-544

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2017-3801

PATCH
title:cisco-sa-20170215-ucsurl:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-ucs
Trust: 0.8
title:Cisco UCS Director Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68220
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-001675 // 
            
            
            
            CNNVD: CNNVD-201702-544

EXTERNAL IDS
db:NVDid:CVE-2017-3801
Trust: 2.8
db:BIDid:96235
Trust: 2.0
db:SECTRACKid:1037830
Trust: 1.7
db:JVNDBid:JVNDB-2017-001675
Trust: 0.8
db:CNNVDid:CNNVD-201702-544
Trust: 0.7
db:VULHUBid:VHN-112004
Trust: 0.1
sources:
            
            
            VULHUB: VHN-112004 // 
            
            
            
            BID: 96235 // 
            
            
            
            JVNDB: JVNDB-2017-001675 // 
            
            
            
            NVD: CVE-2017-3801 // 
            
            
            
            CNNVD: CNNVD-201702-544

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-ucs
Trust: 2.0
url:http://www.securityfocus.com/bid/96235
Trust: 1.7
url:http://www.securitytracker.com/id/1037830
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3801
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3801
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-112004 // 
            
            
            
            BID: 96235 // 
            
            
            
            JVNDB: JVNDB-2017-001675 // 
            
            
            
            NVD: CVE-2017-3801 // 
            
            
            
            CNNVD: CNNVD-201702-544

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 96235

SOURCES
db:VULHUBid:VHN-112004
db:BIDid:96235
db:JVNDBid:JVNDB-2017-001675
db:NVDid:CVE-2017-3801
db:CNNVDid:CNNVD-201702-544

LAST UPDATE DATE
2023-12-18T13:44:09.976000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-112004date:2019-10-03T00:00:00
db:BIDid:96235date:2017-03-07T04:02:00
db:JVNDBid:JVNDB-2017-001675date:2017-03-13T00:00:00
db:NVDid:CVE-2017-3801date:2019-10-03T00:03:26.223
db:CNNVDid:CNNVD-201702-544date:2019-10-23T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-112004date:2017-02-15T00:00:00
db:BIDid:96235date:2017-02-15T00:00:00
db:JVNDBid:JVNDB-2017-001675date:2017-03-13T00:00:00
db:NVDid:CVE-2017-3801date:2017-02-15T20:59:00.147
db:CNNVDid:CNNVD-201702-544date:2017-02-17T00:00:00