ID

VAR-201702-0809


CVE

CVE-2017-3842


TITLE

Information disclosure vulnerability in the web-based management interface of Cisco Intrusion Prevention System Device Manager

Trust: 0.8

sources: JVNDB: JVNDB-2017-001637

DESCRIPTION

A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information stored in certain HTML comments. More Information: CSCuh91455. Known Affected Releases: 7.2(1)V7. Successful exploits will allow attackers to obtain sensitive information. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCuh91455. The system can immediately interrupt, adjust or isolate some abnormal or harmful network data transmission behaviors.

Trust: 1.98

sources: NVD: CVE-2017-3842 // JVNDB: JVNDB-2017-001637 // BID: 96256 // VULHUB: VHN-112045

AFFECTED PRODUCTS

vendor: cisco, model: intrusion prevention system device manager, scope: eq, version: 7.2\(1\)v7

Trust: 1.6

vendor: cisco, model: intrusion prevention system device manager, scope: eq, version: 7.2(1)v7

Trust: 0.8

vendor: cisco, model: intrusion prevention system device manager, scope: eq, version: 0

Trust: 0.3

sources: BID: 96256 // JVNDB: JVNDB-2017-001637 // CNNVD: CNNVD-201702-677 // NVD: CVE-2017-3842

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-3842
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3842
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201702-677
value: MEDIUM

Trust: 0.6

VULHUB: VHN-112045
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-3842
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-112045
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-3842
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-112045 // JVNDB: JVNDB-2017-001637 // CNNVD: CNNVD-201702-677 // NVD: CVE-2017-3842

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-112045 // JVNDB: JVNDB-2017-001637 // NVD: CVE-2017-3842

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-677

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201702-677

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001637

PATCH

title: cisco-sa-20170215-idm
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-idm

Trust: 0.8

title: Cisco Intrusion Prevention System Device Manager Repair measures for information disclosure vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68154

Trust: 0.6

sources: JVNDB: JVNDB-2017-001637 // CNNVD: CNNVD-201702-677

EXTERNAL IDS

db: NVD, id: CVE-2017-3842

Trust: 2.8

db: BID, id: 96256

Trust: 2.0

db: SECTRACK, id: 1037842

Trust: 1.1

db: JVNDB, id: JVNDB-2017-001637

Trust: 0.8

db: CNNVD, id: CNNVD-201702-677

Trust: 0.7

db: VULHUB, id: VHN-112045

Trust: 0.1

sources: VULHUB: VHN-112045 // BID: 96256 // JVNDB: JVNDB-2017-001637 // CNNVD: CNNVD-201702-677 // NVD: CVE-2017-3842

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-idm

Trust: 2.0

url:http://www.securityfocus.com/bid/96256

Trust: 1.7

url:http://www.securitytracker.com/id/1037842

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3842

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3842

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://www.cisco.com/en/us/products/sw/secursw/ps2113/

Trust: 0.3

sources: VULHUB: VHN-112045 // BID: 96256 // JVNDB: JVNDB-2017-001637 // CNNVD: CNNVD-201702-677 // NVD: CVE-2017-3842

CREDITS

Cisco

Trust: 0.9

sources: BID: 96256 // CNNVD: CNNVD-201702-677

SOURCES

db: VULHUB, id: VHN-112045
db: BID, id: 96256
db: JVNDB, id: JVNDB-2017-001637
db: CNNVD, id: CNNVD-201702-677
db: NVD, id: CVE-2017-3842

LAST UPDATE DATE

2025-04-20T23:31:03.530000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-112045, date: 2017-07-25T00:00:00
db: BID, id: 96256, date: 2017-03-07T03:05:00
db: JVNDB, id: JVNDB-2017-001637, date: 2017-03-10T00:00:00
db: CNNVD, id: CNNVD-201702-677, date: 2017-02-21T00:00:00
db: NVD, id: CVE-2017-3842, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-112045, date: 2017-02-22T00:00:00
db: BID, id: 96256, date: 2017-02-16T00:00:00
db: JVNDB, id: JVNDB-2017-001637, date: 2017-03-10T00:00:00
db: CNNVD, id: CNNVD-201702-677, date: 2017-02-21T00:00:00
db: NVD, id: CVE-2017-3842, date: 2017-02-22T02:59:00.607