ID

VAR-201704-0959


CVE

CVE-2017-3889


TITLE

Input validation vulnerability in the web interface of Cisco Registered Envelope Service

Trust: 0.8

sources: JVNDB: JVNDB-2017-003070

DESCRIPTION

A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to an undesired web page, aka an Open Redirect. This vulnerability affects the Cisco Registered Envelope cloud-based service. More Information: CSCvc60123. Known Affected Releases: 5.1.0-015. The vendor has confirmed this vulnerability and released it as Bug ID CSCvc60123. Information may be obtained and information may be altered. An attacker can leverage this issue to conduct phishing attacks; other attacks are possible. This issue is being tracked by Cisco Bug ID CSCvc60123. The product includes read receipts for mail, mail recycling, mail forwarding and replying, and smartphone support. The vulnerability stems from the fact that the program does not correctly perform input validation on the parameters in the HTTP request.

Trust: 1.98

sources: NVD: CVE-2017-3889 // JVNDB: JVNDB-2017-003070 // BID: 97433 // VULHUB: VHN-112092

AFFECTED PRODUCTS

vendor: cisco, model: registered envelope service, scope: eq, version: 5.1.0-015

Trust: 2.7

sources: BID: 97433 // JVNDB: JVNDB-2017-003070 // CNNVD: CNNVD-201704-434 // NVD: CVE-2017-3889

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-3889
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3889
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201704-434
value: MEDIUM

Trust: 0.6

VULHUB: VHN-112092
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-3889
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-112092
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-3889
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-112092 // JVNDB: JVNDB-2017-003070 // CNNVD: CNNVD-201704-434 // NVD: CVE-2017-3889

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

problemtype: CWE-601

Trust: 1.1

sources: VULHUB: VHN-112092 // JVNDB: JVNDB-2017-003070 // NVD: CVE-2017-3889

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-434

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201704-434

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003070

PATCH

title: cisco-sa-20170405-res, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-res

Trust: 0.8

title: Cisco Registered Envelope Service input validation vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=73816

Trust: 0.6

sources: JVNDB: JVNDB-2017-003070 // CNNVD: CNNVD-201704-434

EXTERNAL IDS

db: NVD, id: CVE-2017-3889

Trust: 2.8

db: BID, id: 97433

Trust: 1.4

db: JVNDB, id: JVNDB-2017-003070

Trust: 0.8

db: NSFOCUS, id: 36306

Trust: 0.6

db: CNNVD, id: CNNVD-201704-434

Trust: 0.6

db: VULHUB, id: VHN-112092

Trust: 0.1

sources: VULHUB: VHN-112092 // BID: 97433 // JVNDB: JVNDB-2017-003070 // CNNVD: CNNVD-201704-434 // NVD: CVE-2017-3889

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170405-res

Trust: 2.0

url: http://www.securityfocus.com/bid/97433

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3889

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-3889

Trust: 0.8

url: http://www.nsfocus.net/vulndb/36306

Trust: 0.6

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-112092 // BID: 97433 // JVNDB: JVNDB-2017-003070 // CNNVD: CNNVD-201704-434 // NVD: CVE-2017-3889

CREDITS

Jim Guma

Trust: 0.3

sources: BID: 97433

SOURCES

db: VULHUB, id: VHN-112092
db: BID, id: 97433
db: JVNDB, id: JVNDB-2017-003070
db: CNNVD, id: CNNVD-201704-434
db: NVD, id: CVE-2017-3889

LAST UPDATE DATE

2025-04-20T23:05:09.939000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-112092, date: 2017-04-14T00:00:00
db: BID, id: 97433, date: 2017-04-11T00:03:00
db: JVNDB, id: JVNDB-2017-003070, date: 2017-05-12T00:00:00
db: CNNVD, id: CNNVD-201704-434, date: 2017-08-31T00:00:00
db: NVD, id: CVE-2017-3889, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-112092, date: 2017-04-07T00:00:00
db: BID, id: 97433, date: 2017-04-05T00:00:00
db: JVNDB, id: JVNDB-2017-003070, date: 2017-05-12T00:00:00
db: CNNVD, id: CNNVD-201704-434, date: 2017-04-07T00:00:00
db: NVD, id: CVE-2017-3889, date: 2017-04-07T17:59:00.513