ID

VAR-201702-0809


CVE

CVE-2017-3842


TITLE

Vulnerability in the web-based management interface of Cisco Intrusion Prevention System Device Manager that exposes important information

Trust: 0.8

sources: JVNDB: JVNDB-2017-001637

DESCRIPTION

A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information stored in certain HTML comments. More Information: CSCuh91455. Known Affected Releases: 7.2(1)V7. Successful exploits will allow attackers to obtain sensitive information. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCuh91455. The system can immediately interrupt, adjust or isolate some abnormal or harmful network data transmission behaviors.

Trust: 1.98

sources: NVD: CVE-2017-3842 // JVNDB: JVNDB-2017-001637 // BID: 96256 // VULHUB: VHN-112045

AFFECTED PRODUCTS

vendor: cisco, model: intrusion prevention system device manager, scope: eq, version: 7.2\(1\)v7

Trust: 1.6

vendor: cisco, model: intrusion prevention system device manager, scope: eq, version: 7.2(1)v7

Trust: 0.8

vendor: cisco, model: intrusion prevention system device manager, scope: eq, version: 0

Trust: 0.3

sources: BID: 96256 // JVNDB: JVNDB-2017-001637 // NVD: CVE-2017-3842 // CNNVD: CNNVD-201702-677

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2017-3842
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-201702-677
value: MEDIUM

Trust: 0.6

VULHUB: VHN-112045
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2017-3842
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-112045
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2017-3842
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-112045 // JVNDB: JVNDB-2017-001637 // NVD: CVE-2017-3842 // CNNVD: CNNVD-201702-677

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-112045 // JVNDB: JVNDB-2017-001637 // NVD: CVE-2017-3842

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-677

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201702-677

CONFIGURATIONS

sources: NVD: CVE-2017-3842

PATCH

title: cisco-sa-20170215-idm, url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-idm

Trust: 0.8

title: Cisco Intrusion Prevention System Device Manager Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68154

Trust: 0.6

sources: JVNDB: JVNDB-2017-001637 // CNNVD: CNNVD-201702-677

EXTERNAL IDS

db: NVD, id: CVE-2017-3842

Trust: 2.8

db: BID, id: 96256

Trust: 2.0

db: SECTRACK, id: 1037842

Trust: 1.1

db: JVNDB, id: JVNDB-2017-001637

Trust: 0.8

db: CNNVD, id: CNNVD-201702-677

Trust: 0.7

db: VULHUB, id: VHN-112045

Trust: 0.1

sources: VULHUB: VHN-112045 // BID: 96256 // JVNDB: JVNDB-2017-001637 // NVD: CVE-2017-3842 // CNNVD: CNNVD-201702-677

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-idm

Trust: 2.0

url: http://www.securityfocus.com/bid/96256

Trust: 1.7

url: http://www.securitytracker.com/id/1037842

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3842

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3842

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

url: http://www.cisco.com/en/us/products/sw/secursw/ps2113/

Trust: 0.3

sources: VULHUB: VHN-112045 // BID: 96256 // JVNDB: JVNDB-2017-001637 // NVD: CVE-2017-3842 // CNNVD: CNNVD-201702-677

CREDITS

Cisco

Trust: 0.9

sources: BID: 96256 // CNNVD: CNNVD-201702-677

SOURCES

db: VULHUB, id: VHN-112045
db: BID, id: 96256
db: JVNDB, id: JVNDB-2017-001637
db: NVD, id: CVE-2017-3842
db: CNNVD, id: CNNVD-201702-677

LAST UPDATE DATE

2023-12-18T13:48:41.077000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-112045, date: 2017-07-25T00:00:00
db: BID, id: 96256, date: 2017-03-07T03:05:00
db: JVNDB, id: JVNDB-2017-001637, date: 2017-03-10T00:00:00
db: NVD, id: CVE-2017-3842, date: 2017-07-25T01:29:09.420
db: CNNVD, id: CNNVD-201702-677, date: 2017-02-21T00:00:00

SOURCES RELEASE DATE

db: VULHUB, id: VHN-112045, date: 2017-02-22T00:00:00
db: BID, id: 96256, date: 2017-02-16T00:00:00
db: JVNDB, id: JVNDB-2017-001637, date: 2017-03-10T00:00:00
db: NVD, id: CVE-2017-3842, date: 2017-02-22T02:59:00.607
db: CNNVD, id: CNNVD-201702-677, date: 2017-02-21T00:00:00