ID

VAR-201704-1329


CVE

CVE-2017-6614


TITLE

Information disclosure vulnerability in the web user interface of Cisco FindIT Network Probe Software

Trust: 0.8

sources: JVNDB: JVNDB-2017-003373

DESCRIPTION

A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software 1.0.0 could allow an authenticated, remote attacker to download and view any system file by using the affected software. The vulnerability is due to the absence of role-based access control (RBAC) for file-download requests that are sent to the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to download and view any system file by using the affected software. Cisco Bug IDs: CSCvd11628. The vendor has confirmed this vulnerability and released it as Bug ID CSCvd11628. Information may be obtained. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks.

Trust: 1.98

sources: NVD: CVE-2017-6614 // JVNDB: JVNDB-2017-003373 // BID: 97926 // VULHUB: VHN-114817

AFFECTED PRODUCTS

vendor: cisco // model: findit network probe // scope: eq // version: 1.0.0

Trust: 2.4

vendor: cisco // model: findit network probe // scope: eq // version: 0

Trust: 0.3

sources: BID: 97926 // JVNDB: JVNDB-2017-003373 // CNNVD: CNNVD-201704-1058 // NVD: CVE-2017-6614

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6614
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6614
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201704-1058
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114817
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6614
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114817
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6614
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114817 // JVNDB: JVNDB-2017-003373 // CNNVD: CNNVD-201704-1058 // NVD: CVE-2017-6614

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-114817 // JVNDB: JVNDB-2017-003373 // NVD: CVE-2017-6614

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1058

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201704-1058

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003373

PATCH

title: cisco-sa-20170419-findit // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-findit

Trust: 0.8

title: Cisco FindIT Network Probe Software repair measures for information disclosure vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70698

Trust: 0.6

sources: JVNDB: JVNDB-2017-003373 // CNNVD: CNNVD-201704-1058

EXTERNAL IDS

db: NVD // id: CVE-2017-6614

Trust: 2.8

db: BID // id: 97926

Trust: 2.0

db: JVNDB // id: JVNDB-2017-003373

Trust: 0.8

db: CNNVD // id: CNNVD-201704-1058

Trust: 0.7

db: VULHUB // id: VHN-114817

Trust: 0.1

sources: VULHUB: VHN-114817 // BID: 97926 // JVNDB: JVNDB-2017-003373 // CNNVD: CNNVD-201704-1058 // NVD: CVE-2017-6614

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170419-findit

Trust: 2.0

url:http://www.securityfocus.com/bid/97926

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6614

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6614

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114817 // BID: 97926 // JVNDB: JVNDB-2017-003373 // CNNVD: CNNVD-201704-1058 // NVD: CVE-2017-6614

CREDITS

Cisco

Trust: 0.3

sources: BID: 97926

SOURCES

db: VULHUB // id: VHN-114817
db: BID // id: 97926
db: JVNDB // id: JVNDB-2017-003373
db: CNNVD // id: CNNVD-201704-1058
db: NVD // id: CVE-2017-6614

LAST UPDATE DATE

2025-04-20T23:16:10.392000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-114817 // date: 2019-10-09T00:00:00
db: BID // id: 97926 // date: 2017-05-02T00:06:00
db: JVNDB // id: JVNDB-2017-003373 // date: 2017-05-25T00:00:00
db: CNNVD // id: CNNVD-201704-1058 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2017-6614 // date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB // id: VHN-114817 // date: 2017-04-20T00:00:00
db: BID // id: 97926 // date: 2017-04-19T00:00:00
db: JVNDB // id: JVNDB-2017-003373 // date: 2017-05-25T00:00:00
db: CNNVD // id: CNNVD-201704-1058 // date: 2017-04-20T00:00:00
db: NVD // id: CVE-2017-6614 // date: 2017-04-20T22:59:00.730