Sign-up

ID

VAR-201702-0803


CVE

CVE-2017-3836


TITLE

Cisco Unified Communications Manager of Web Vulnerabilities that display important information in the framework

Trust: 0.8

sources: JVNDB: JVNDB-2017-001686

DESCRIPTION

A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.162) 12.0(0.98000.178) 12.0(0.98000.383) 12.0(0.98000.488) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6). Vendors have confirmed this vulnerability Bug ID CSCvb61689 It is released as.A remote attacker could display important information. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvb61689. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2017-3836 // JVNDB: JVNDB-2017-001686 // BID: 96251 // VULHUB: VHN-112039

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications managerscope:eqversion:11.5\(1.11007.2\)

Trust: 1.6

vendor:ciscomodel:unified communications managerscope:eqversion:11.5(1.11007.2)

Trust: 1.1

vendor:ciscomodel:unified communications managerscope:neversion:12.0(0.98000.6)

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:neversion:12.0(0.98000.536)

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:neversion:12.0(0.98000.488)

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:neversion:12.0(0.98000.383)

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:neversion:12.0(0.98000.178)

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:neversion:12.0(0.98000.162)

Trust: 0.3

sources: BID: 96251 // JVNDB: JVNDB-2017-001686 // NVD: CVE-2017-3836 // CNNVD: CNNVD-201702-671

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2017-3836
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-201702-671
value: MEDIUM

Trust: 0.6

VULHUB: VHN-112039
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2017-3836
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-112039
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2017-3836
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-112039 // JVNDB: JVNDB-2017-001686 // NVD: CVE-2017-3836 // CNNVD: CNNVD-201702-671

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-112039 // JVNDB: JVNDB-2017-001686 // NVD: CVE-2017-3836

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-671

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201702-671

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2017-3836

PATCH
title:cisco-sa-20170215-cucm3url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-cucm3
Trust: 0.8
title:Cisco Unified Communications Manager Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68160
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-001686 // 
            
            
            
            CNNVD: CNNVD-201702-671

EXTERNAL IDS
db:NVDid:CVE-2017-3836
Trust: 2.8
db:BIDid:96251
Trust: 2.0
db:SECTRACKid:1037840
Trust: 1.1
db:JVNDBid:JVNDB-2017-001686
Trust: 0.8
db:CNNVDid:CNNVD-201702-671
Trust: 0.7
db:VULHUBid:VHN-112039
Trust: 0.1
sources:
            
            
            VULHUB: VHN-112039 // 
            
            
            
            BID: 96251 // 
            
            
            
            JVNDB: JVNDB-2017-001686 // 
            
            
            
            NVD: CVE-2017-3836 // 
            
            
            
            CNNVD: CNNVD-201702-671

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-cucm3
Trust: 2.0
url:http://www.securityfocus.com/bid/96251
Trust: 1.7
url:http://www.securitytracker.com/id/1037840
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3836
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3836
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-112039 // 
            
            
            
            BID: 96251 // 
            
            
            
            JVNDB: JVNDB-2017-001686 // 
            
            
            
            NVD: CVE-2017-3836 // 
            
            
            
            CNNVD: CNNVD-201702-671

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 96251 // 
            
            
            
            CNNVD: CNNVD-201702-671

SOURCES
db:VULHUBid:VHN-112039
db:BIDid:96251
db:JVNDBid:JVNDB-2017-001686
db:NVDid:CVE-2017-3836
db:CNNVDid:CNNVD-201702-671

LAST UPDATE DATE
2023-12-18T12:20:03.082000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-112039date:2017-07-25T00:00:00
db:BIDid:96251date:2017-03-07T02:04:00
db:JVNDBid:JVNDB-2017-001686date:2017-03-13T00:00:00
db:NVDid:CVE-2017-3836date:2017-07-25T01:29:09.137
db:CNNVDid:CNNVD-201702-671date:2017-02-21T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-112039date:2017-02-22T00:00:00
db:BIDid:96251date:2017-02-15T00:00:00
db:JVNDBid:JVNDB-2017-001686date:2017-03-13T00:00:00
db:NVDid:CVE-2017-3836date:2017-02-22T02:59:00.417
db:CNNVDid:CNNVD-201702-671date:2017-02-21T00:00:00