Sign-up

ID

VAR-201703-0884


CVE

CVE-2017-3871


TITLE

Cisco Prime Optical for Service Providers Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2017-04276 // CNNVD: CNNVD-201703-845

DESCRIPTION

A RADIUS Secret Disclosure vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device. The attacker must have valid credentials for the device. More Information: CSCvc65257. Known Affected Releases: 10.6(0.1). Cisco PrimeOOtical is a suite of services for service providers that integrate converged IP and optical transport networks. It supports automatic configuration, resource allocation and troubleshooting to help operators perform end-to-end circuit creation more efficiently. A Cisco Information Disclosure vulnerability exists for CiscoPrimeOptical for ServiceProviders. Attackers can exploit vulnerabilities to obtain sensitive information. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCvc65257. The web network management interface is one of the web-based network management interfaces

Trust: 2.52

sources: NVD: CVE-2017-3871 // JVNDB: JVNDB-2017-002460 // CNVD: CNVD-2017-04276 // BID: 96928 // VULHUB: VHN-112074

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-04276

AFFECTED PRODUCTS

vendor:ciscomodel:prime opticalscope:eqversion:10.6\(0.1\)

Trust: 1.6

vendor:ciscomodel:prime opticalscope:eqversion:10.6(0.1)

Trust: 0.8

vendor:ciscomodel:prime optical for service providersscope: - version: -

Trust: 0.6

vendor:ciscomodel:prime optical for service providersscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2017-04276 // BID: 96928 // JVNDB: JVNDB-2017-002460 // CNNVD: CNNVD-201703-845 // NVD: CVE-2017-3871

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3871
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3871
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-04276
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201703-845
value: MEDIUM

Trust: 0.6

VULHUB: VHN-112074
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-3871
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-04276
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-112074
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3871
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-04276 // VULHUB: VHN-112074 // JVNDB: JVNDB-2017-002460 // CNNVD: CNNVD-201703-845 // NVD: CVE-2017-3871

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-112074 // JVNDB: JVNDB-2017-002460 // NVD: CVE-2017-3871

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-845

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201703-845

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-002460

PATCH
title:cisco-sa-20170315-cpourl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cpo
Trust: 0.8
title:CiscoPrimeOpticalforServiceProviders Information Disclosure Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/91628
Trust: 0.6
title:Cisco Prime Optical for Service Providers Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68638
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-04276 // 
            
            
            
            JVNDB: JVNDB-2017-002460 // 
            
            
            
            CNNVD: CNNVD-201703-845

EXTERNAL IDS
db:NVDid:CVE-2017-3871
Trust: 3.4
db:BIDid:96928
Trust: 1.4
db:JVNDBid:JVNDB-2017-002460
Trust: 0.8
db:CNNVDid:CNNVD-201703-845
Trust: 0.7
db:CNVDid:CNVD-2017-04276
Trust: 0.6
db:VULHUBid:VHN-112074
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-04276 // 
            
            
            
            VULHUB: VHN-112074 // 
            
            
            
            BID: 96928 // 
            
            
            
            JVNDB: JVNDB-2017-002460 // 
            
            
            
            CNNVD: CNNVD-201703-845 // 
            
            
            
            NVD: CVE-2017-3871

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170315-cpo
Trust: 2.6
url:http://www.securityfocus.com/bid/96928
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3871
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-3871
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-04276 // 
            
            
            
            VULHUB: VHN-112074 // 
            
            
            
            BID: 96928 // 
            
            
            
            JVNDB: JVNDB-2017-002460 // 
            
            
            
            CNNVD: CNNVD-201703-845 // 
            
            
            
            NVD: CVE-2017-3871

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 96928

SOURCES
db:CNVDid:CNVD-2017-04276
db:VULHUBid:VHN-112074
db:BIDid:96928
db:JVNDBid:JVNDB-2017-002460
db:CNNVDid:CNNVD-201703-845
db:NVDid:CVE-2017-3871

LAST UPDATE DATE
2025-04-20T23:40:10.872000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-04276date:2017-04-11T00:00:00
db:VULHUBid:VHN-112074date:2017-03-21T00:00:00
db:BIDid:96928date:2017-03-23T06:00:00
db:JVNDBid:JVNDB-2017-002460date:2017-04-14T00:00:00
db:CNNVDid:CNNVD-201703-845date:2017-03-21T00:00:00
db:NVDid:CVE-2017-3871date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-04276date:2017-04-11T00:00:00
db:VULHUBid:VHN-112074date:2017-03-17T00:00:00
db:BIDid:96928date:2017-03-15T00:00:00
db:JVNDBid:JVNDB-2017-002460date:2017-04-14T00:00:00
db:CNNVDid:CNNVD-201703-845date:2017-03-21T00:00:00
db:NVDid:CVE-2017-3871date:2017-03-17T22:59:00.377