ID

VAR-201702-0810


CVE

CVE-2017-3843


TITLE

Cisco Prime Collaboration Assurance System file download function vulnerable to downloading system files

Trust: 0.8

sources: JVNDB: JVNDB-2017-001638

DESCRIPTION

A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. More Information: CSCvc99446. Known Affected Releases: 11.5(0). An attacker can exploit this issue to download arbitrary files. Information obtained may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvc99446. Cisco Prime Collaboration Assurance supports simplified unified communication and video collaboration network management through a unified management console, and rapid deployment of communication sites.

Trust: 1.98

sources: NVD: CVE-2017-3843 // JVNDB: JVNDB-2017-001638 // BID: 96248 // VULHUB: VHN-112046

AFFECTED PRODUCTS

vendor: cisco, model: prime collaboration assurance, scope: eq, version: 11.5.0

Trust: 1.6

vendor: cisco, model: prime collaboration assurance, scope: eq, version: 11.0.0

Trust: 1.6

vendor: cisco, model: prime collaboration assurance, scope: eq, version: 11.1.0

Trust: 1.6

vendor: cisco, model: prime collaboration assurance, scope: eq, version: 11.5(0)

Trust: 0.8

vendor: cisco, model: prime collaboration assurance, scope: eq, version: 11.5

Trust: 0.3

vendor: cisco, model: prime collaboration assurance, scope: eq, version: 11.1

Trust: 0.3

vendor: cisco, model: prime collaboration assurance, scope: eq, version: 11.0

Trust: 0.3

vendor: cisco, model: prime collaboration assurance, scope: ne, version: 11.6

Trust: 0.3

sources: BID: 96248 // JVNDB: JVNDB-2017-001638 // NVD: CVE-2017-3843 // CNNVD: CNNVD-201702-668

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2017-3843
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-201702-668
value: MEDIUM

Trust: 0.6

VULHUB: VHN-112046
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2017-3843
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-112046
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2017-3843
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-112046 // JVNDB: JVNDB-2017-001638 // NVD: CVE-2017-3843 // CNNVD: CNNVD-201702-668

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-112046 // JVNDB: JVNDB-2017-001638 // NVD: CVE-2017-3843

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-668

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201702-668

CONFIGURATIONS

sources: NVD: CVE-2017-3843

PATCH

title: cisco-sa-20170215-pcp1, url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-pcp1

Trust: 0.8

title: Cisco Prime Collaboration Assurance Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68163

Trust: 0.6

sources: JVNDB: JVNDB-2017-001638 // CNNVD: CNNVD-201702-668

EXTERNAL IDS

db: NVD, id: CVE-2017-3843

Trust: 2.8

db: BID, id: 96248

Trust: 2.0

db: SECTRACK, id: 1037843

Trust: 1.1

db: JVNDB, id: JVNDB-2017-001638

Trust: 0.8

db: CNNVD, id: CNNVD-201702-668

Trust: 0.7

db: VULHUB, id: VHN-112046

Trust: 0.1

sources: VULHUB: VHN-112046 // BID: 96248 // JVNDB: JVNDB-2017-001638 // NVD: CVE-2017-3843 // CNNVD: CNNVD-201702-668

REFERENCES

url: http://www.securityfocus.com/bid/96248

Trust: 1.7

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-pcp1

Trust: 1.7

url: http://www.securitytracker.com/id/1037843

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3843

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3843

Trust: 0.8

url: http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/collaboration/10-0/assurance/standard/guide/cisco_prime_collaboration_assurance_guide_standard_10/bk_assurance_standard_chapter_010.html

Trust: 0.3

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-pcp1

Trust: 0.3

sources: VULHUB: VHN-112046 // BID: 96248 // JVNDB: JVNDB-2017-001638 // NVD: CVE-2017-3843 // CNNVD: CNNVD-201702-668

CREDITS

Cisco

Trust: 0.9

sources: BID: 96248 // CNNVD: CNNVD-201702-668

SOURCES

db: VULHUB, id: VHN-112046
db: BID, id: 96248
db: JVNDB, id: JVNDB-2017-001638
db: NVD, id: CVE-2017-3843
db: CNNVD, id: CNNVD-201702-668

LAST UPDATE DATE

2023-12-18T12:51:23.864000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-112046, date: 2017-07-25T00:00:00
db: BID, id: 96248, date: 2017-03-07T04:03:00
db: JVNDB, id: JVNDB-2017-001638, date: 2017-03-10T00:00:00
db: NVD, id: CVE-2017-3843, date: 2017-07-25T01:29:09.467
db: CNNVD, id: CNNVD-201702-668, date: 2017-02-21T00:00:00

SOURCES RELEASE DATE

db: VULHUB, id: VHN-112046, date: 2017-02-22T00:00:00
db: BID, id: 96248, date: 2017-02-15T00:00:00
db: JVNDB, id: JVNDB-2017-001638, date: 2017-03-10T00:00:00
db: NVD, id: CVE-2017-3843, date: 2017-02-22T02:59:00.620
db: CNNVD, id: CNNVD-201702-668, date: 2017-02-21T00:00:00