ID

VAR-201702-0808


CVE

CVE-2017-3841


TITLE

Vulnerability in the Web interface of Cisco Secure Access Control System that exposes important information

Trust: 0.8

sources: JVNDB: JVNDB-2017-001636

DESCRIPTION

A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. More Information: CSCvc04854. Known Affected Releases: 5.8(2.5). Successful exploits will allow attackers to obtain sensitive information. This may result in further attacks. This issue is tracked by Cisco Bug ID CSCvc04854. The system controls network access and network device access through the RADIUS and TACACS protocols, respectively.

Trust: 1.98

sources: NVD: CVE-2017-3841 // JVNDB: JVNDB-2017-001636 // BID: 96237 // VULHUB: VHN-112044

AFFECTED PRODUCTS

vendor: cisco // model: secure access control system // scope: eq // version: 5.8(2.5)

Trust: 1.6

vendor: cisco // model: secure access control system software // scope: eq // version: 5.8(2.5)

Trust: 0.8

vendor: cisco // model: secure access control system // scope: eq // version: 5.8(2.5)

Trust: 0.3

sources: BID: 96237 // JVNDB: JVNDB-2017-001636 // NVD: CVE-2017-3841 // CNNVD: CNNVD-201702-658

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2017-3841
value: HIGH

Trust: 1.8

CNNVD: CNNVD-201702-658
value: MEDIUM

Trust: 0.6

VULHUB: VHN-112044
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2017-3841
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-112044
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2017-3841
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-112044 // JVNDB: JVNDB-2017-001636 // NVD: CVE-2017-3841 // CNNVD: CNNVD-201702-658

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-112044 // JVNDB: JVNDB-2017-001636 // NVD: CVE-2017-3841

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-658

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201702-658

CONFIGURATIONS

sources: NVD: CVE-2017-3841

PATCH

title: cisco-sa-20170215-acs3 // url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-acs3

Trust: 0.8

title: Cisco Secure Access Control System Repair measures for information disclosure vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68173

Trust: 0.6

sources: JVNDB: JVNDB-2017-001636 // CNNVD: CNNVD-201702-658

EXTERNAL IDS

db: NVD // id: CVE-2017-3841

Trust: 2.8

db: BID // id: 96237

Trust: 2.0

db: SECTRACK // id: 1037838

Trust: 1.1

db: JVNDB // id: JVNDB-2017-001636

Trust: 0.8

db: CNNVD // id: CNNVD-201702-658

Trust: 0.7

db: VULHUB // id: VHN-112044

Trust: 0.1

sources: VULHUB: VHN-112044 // BID: 96237 // JVNDB: JVNDB-2017-001636 // NVD: CVE-2017-3841 // CNNVD: CNNVD-201702-658

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-acs3

Trust: 2.0

url: http://www.securityfocus.com/bid/96237

Trust: 1.7

url: http://www.securitytracker.com/id/1037838

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3841

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3841

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-112044 // BID: 96237 // JVNDB: JVNDB-2017-001636 // NVD: CVE-2017-3841 // CNNVD: CNNVD-201702-658

CREDITS

Cisco

Trust: 0.9

sources: BID: 96237 // CNNVD: CNNVD-201702-658

SOURCES

db: VULHUB // id: VHN-112044
db: BID // id: 96237
db: JVNDB // id: JVNDB-2017-001636
db: NVD // id: CVE-2017-3841
db: CNNVD // id: CNNVD-201702-658

LAST UPDATE DATE

2023-12-18T14:05:51.108000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-112044 // date: 2017-07-25T00:00:00
db: BID // id: 96237 // date: 2017-03-07T04:02:00
db: JVNDB // id: JVNDB-2017-001636 // date: 2017-03-10T00:00:00
db: NVD // id: CVE-2017-3841 // date: 2017-07-25T01:29:09.373
db: CNNVD // id: CNNVD-201702-658 // date: 2017-02-22T00:00:00

SOURCES RELEASE DATE

db: VULHUB // id: VHN-112044 // date: 2017-02-22T00:00:00
db: BID // id: 96237 // date: 2017-02-15T00:00:00
db: JVNDB // id: JVNDB-2017-001636 // date: 2017-03-10T00:00:00
db: NVD // id: CVE-2017-3841 // date: 2017-02-22T02:59:00.573
db: CNNVD // id: CNNVD-201702-658 // date: 2017-02-22T00:00:00