ID

VAR-201702-0811


CVE

CVE-2017-3844


TITLE

Cisco Prime Collaboration Assurance vulnerability that displays file directory listings in the user interface export function

Trust: 0.8

sources: JVNDB: JVNDB-2017-001639

DESCRIPTION

A vulnerability in the exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. Affected Products: Cisco Prime Collaboration Assurance software versions 11.0, 11.1, and 11.5 are vulnerable. Cisco Prime Collaboration Assurance software versions prior to 11.0 are not vulnerable. More Information: CSCvc86238. Known Affected Releases: 11.5(0). Successful exploits will allow attackers to obtain sensitive information. This may result in further attacks. This issue is tracked by Cisco Bug ID CSCvc86238. Cisco Prime Collaboration Assurance supports simplified unified communication and video collaboration network management through a unified management console, and rapid deployment of communication sites. A security vulnerability exists in the 'exporting' function of the user page in Cisco PCA Releases 11.0, 11.1, and 11.5 because the program does not properly validate HTTP requests.

Trust: 2.07

sources: NVD: CVE-2017-3844 // JVNDB: JVNDB-2017-001639 // BID: 96247 // VULHUB: VHN-112047 // VULMON: CVE-2017-3844

AFFECTED PRODUCTS

vendor: cisco // model: prime collaboration assurance // scope: eq // version: 11.5.0

Trust: 1.6

vendor: cisco // model: prime collaboration assurance // scope: eq // version: 11.0.0

Trust: 1.6

vendor: cisco // model: prime collaboration assurance // scope: eq // version: 11.1.0

Trust: 1.6

vendor: cisco // model: prime collaboration assurance // scope: eq // version: 11.5

Trust: 1.1

vendor: cisco // model: prime collaboration assurance // scope: eq // version: 11.1

Trust: 1.1

vendor: cisco // model: prime collaboration assurance // scope: eq // version: 11.0

Trust: 1.1

vendor: cisco // model: prime collaboration assurance // scope: ne // version: 11.6

Trust: 0.3

sources: BID: 96247 // JVNDB: JVNDB-2017-001639 // NVD: CVE-2017-3844 // CNNVD: CNNVD-201702-667

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2017-3844
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-201702-667
value: MEDIUM

Trust: 0.6

VULHUB: VHN-112047
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-3844
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2017-3844
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

VULHUB: VHN-112047
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2017-3844
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-112047 // VULMON: CVE-2017-3844 // JVNDB: JVNDB-2017-001639 // NVD: CVE-2017-3844 // CNNVD: CNNVD-201702-667

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-112047 // JVNDB: JVNDB-2017-001639 // NVD: CVE-2017-3844

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-667

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201702-667

CONFIGURATIONS

sources: NVD: CVE-2017-3844

PATCH

title: cisco-sa-20170215-pcp2 // url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-pcp2

Trust: 0.8

title: Cisco Prime Collaboration Assurance Repair measures for information disclosure vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68164

Trust: 0.6

sources: JVNDB: JVNDB-2017-001639 // CNNVD: CNNVD-201702-667

EXTERNAL IDS

db: NVD // id: CVE-2017-3844

Trust: 2.9

db: BID // id: 96247

Trust: 2.1

db: SECTRACK // id: 1037843

Trust: 1.2

db: JVNDB // id: JVNDB-2017-001639

Trust: 0.8

db: CNNVD // id: CNNVD-201702-667

Trust: 0.7

db: VULHUB // id: VHN-112047

Trust: 0.1

db: VULMON // id: CVE-2017-3844

Trust: 0.1

sources: VULHUB: VHN-112047 // VULMON: CVE-2017-3844 // BID: 96247 // JVNDB: JVNDB-2017-001639 // NVD: CVE-2017-3844 // CNNVD: CNNVD-201702-667

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-pcp2

Trust: 2.1

url:http://www.securityfocus.com/bid/96247

Trust: 1.9

url:http://www.securitytracker.com/id/1037843

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3844

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3844

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-112047 // VULMON: CVE-2017-3844 // BID: 96247 // JVNDB: JVNDB-2017-001639 // NVD: CVE-2017-3844 // CNNVD: CNNVD-201702-667

CREDITS

Cisco

Trust: 0.9

sources: BID: 96247 // CNNVD: CNNVD-201702-667

SOURCES

db: VULHUB // id: VHN-112047
db: VULMON // id: CVE-2017-3844
db: BID // id: 96247
db: JVNDB // id: JVNDB-2017-001639
db: NVD // id: CVE-2017-3844
db: CNNVD // id: CNNVD-201702-667

LAST UPDATE DATE

2023-12-18T12:51:23.832000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-112047 // date: 2017-07-25T00:00:00
db: VULMON // id: CVE-2017-3844 // date: 2017-07-25T00:00:00
db: BID // id: 96247 // date: 2017-03-07T01:03:00
db: JVNDB // id: JVNDB-2017-001639 // date: 2017-03-10T00:00:00
db: NVD // id: CVE-2017-3844 // date: 2017-07-25T01:29:09.513
db: CNNVD // id: CNNVD-201702-667 // date: 2017-02-21T00:00:00

SOURCES RELEASE DATE

db: VULHUB // id: VHN-112047 // date: 2017-02-22T00:00:00
db: VULMON // id: CVE-2017-3844 // date: 2017-02-22T00:00:00
db: BID // id: 96247 // date: 2017-02-15T00:00:00
db: JVNDB // id: JVNDB-2017-001639 // date: 2017-03-10T00:00:00
db: NVD // id: CVE-2017-3844 // date: 2017-02-22T02:59:00.653
db: CNNVD // id: CNNVD-201702-667 // date: 2017-02-21T00:00:00