Details of VAR-201704-0954

ID

VAR-201704-0954

CVE

CVE-2017-3884

TITLE

Cisco Prime Infrastructure and Evolved Programmable Network Manager Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-003062

DESCRIPTION

A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D). Vendors have confirmed this vulnerability Bug ID CSCvc60031 , CSCvc60041 , CSCvc60095 ,and CSCvc60102 It is released as.Information may be obtained. Multiple Cisco Products are prone to a remote information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information. This may aid in further attacks. This issue is tracked by Cisco Bug IDs CSCvc60031, CSCvc60041, CSCvc60095 and CSCvc60102. The former is a set of wireless management solutions through Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS) technologies; the latter is a set of network management solutions. The web interface is one of the web interfaces. A remote attacker could exploit this vulnerability to obtain sensitive information by sending a specially crafted HTTP request to the target application

Trust: 1.98

sources: NVD: CVE-2017-3884 // JVNDB: JVNDB-2017-003062 // BID: 97470 // VULHUB: VHN-112087

AFFECTED PRODUCTS

vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	2.0\(4.0.45d\)	Trust: 1.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	2.2\(3\)	Trust: 1.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	3.1\(5.0\)	Trust: 1.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	3.2\(0.0\)	Trust: 1.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	3.1\(4.0\)	Trust: 1.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	3.1\(0.128\)	Trust: 1.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	3.0	Trust: 1.0
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	2.2	Trust: 1.0
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	3.1	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	prime infrastructure	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	2.2.0	Trust: 0.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	3.1.0	Trust: 0.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	3.0.0	Trust: 0.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	-	Trust: 0.3
vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	0	Trust: 0.3

sources: BID: 97470 // JVNDB: JVNDB-2017-003062 // NVD: CVE-2017-3884 // CNNVD: CNNVD-201704-439

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2017-3884
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-201704-439
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-112087
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2017-3884
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-112087
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.0
NVD:	CVE-2017-3884
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-112087 // JVNDB: JVNDB-2017-003062 // NVD: CVE-2017-3884 // CNNVD: CNNVD-201704-439

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-112087 // JVNDB: JVNDB-2017-003062 // NVD: CVE-2017-3884

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-439

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201704-439

CONFIGURATIONS

sources: NVD: CVE-2017-3884

PATCH

title:	cisco-sa-20170405-cpi	url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170405-cpi	Trust: 0.8
title:	Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69162	Trust: 0.6

sources: JVNDB: JVNDB-2017-003062 // CNNVD: CNNVD-201704-439

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3884	Trust: 2.8
db:	BID	id:	97470	Trust: 2.0
db:	SECTRACK	id:	1038189	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-003062	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-439	Trust: 0.7
db:	VULHUB	id:	VHN-112087	Trust: 0.1

sources: VULHUB: VHN-112087 // BID: 97470 // JVNDB: JVNDB-2017-003062 // NVD: CVE-2017-3884 // CNNVD: CNNVD-201704-439

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170405-cpi	Trust: 2.0
url:	http://www.securityfocus.com/bid/97470	Trust: 1.7
url:	http://www.securitytracker.com/id/1038189	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3884	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3884	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-112087 // BID: 97470 // JVNDB: JVNDB-2017-003062 // NVD: CVE-2017-3884 // CNNVD: CNNVD-201704-439

CREDITS

Cisco

Trust: 0.3

sources: BID: 97470

SOURCES

db:	VULHUB	id:	VHN-112087
db:	BID	id:	97470
db:	JVNDB	id:	JVNDB-2017-003062
db:	NVD	id:	CVE-2017-3884
db:	CNNVD	id:	CNNVD-201704-439

LAST UPDATE DATE

2023-12-18T12:44:39.440000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-112087	date:	2019-07-29T00:00:00
db:	BID	id:	97470	date:	2017-04-11T02:20:00
db:	JVNDB	id:	JVNDB-2017-003062	date:	2017-05-12T00:00:00
db:	NVD	id:	CVE-2017-3884	date:	2019-07-29T17:46:19.010
db:	CNNVD	id:	CNNVD-201704-439	date:	2019-07-30T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-112087	date:	2017-04-07T00:00:00
db:	BID	id:	97470	date:	2017-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2017-003062	date:	2017-05-12T00:00:00
db:	NVD	id:	CVE-2017-3884	date:	2017-04-07T17:59:00.357
db:	CNNVD	id:	CNNVD-201704-439	date:	2017-04-11T00:00:00