ID

VAR-201707-0902


CVE

CVE-2017-6730


TITLE

Information disclosure vulnerability in the web-based GUI of Cisco Wide Area Application Services Central Manager

Trust: 0.8

sources: JVNDB: JVNDB-2017-005625

DESCRIPTION

A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system, aka Information Disclosure. This vulnerability affects the following products if they are running an affected release of Cisco Wide Area Application Services (WAAS) Software and are configured to use the Central Manager function: Cisco Virtual Wide Area Application Services (vWAAS), Cisco Wide Area Application Services (WAAS) Appliances, Cisco Wide Area Application Services (WAAS) Modules. Only Cisco WAAS products that are configured with the Central Manager role are affected by this vulnerability. More Information: CSCvd87574. Known Affected Releases: 4.4(7), 6.2(1), 6.2(3). Known Fixed Releases: 6.3(0.228), 6.3(0.226), 6.2(3d)8, 5.5(7b)17. The vendor has confirmed this vulnerability and released it as Bug ID CSCvd87574. Information may be obtained. Successful exploits will allow attackers to obtain sensitive information. This may result in further attacks. This issue is tracked by Cisco Bug ID CSCvd87574. This software is mainly used in link environments with low bandwidth and high delay. A remote attacker could exploit this vulnerability to retrieve completed reports from an affected system.

Trust: 1.98

sources: NVD: CVE-2017-6730 // JVNDB: JVNDB-2017-005625 // BID: 99481 // VULHUB: VHN-114933

AFFECTED PRODUCTS

vendor: cisco, model: wide area application services, scope: eq, version: 6.2(3)

Trust: 1.6

vendor: cisco, model: wide area application services, scope: eq, version: 4.4(7)

Trust: 1.6

vendor: cisco, model: wide area application services, scope: eq, version: 6.2(1)

Trust: 1.6

vendor: cisco, model: wide area application services software, scope: -, version: -

Trust: 0.8

vendor: cisco, model: wide area application services modules, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: wide area application services appliances, scope: eq, version: 6.2(3)

Trust: 0.3

vendor: cisco, model: wide area application services appliances, scope: eq, version: 6.2(1)

Trust: 0.3

vendor: cisco, model: wide area application services appliances, scope: eq, version: 4.4(7)

Trust: 0.3

vendor: cisco, model: wide area application services appliances, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: virtual wide area application services, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: wide area application services appliances, scope: ne, version: 6.3(0.228)

Trust: 0.3

vendor: cisco, model: wide area application services appliances, scope: ne, version: 6.3(0.226)

Trust: 0.3

vendor: cisco, model: wide area application services appliances 6.2 8, scope: ne, version: -

Trust: 0.3

vendor: cisco, model: wide area application services appliances 5.5 17, scope: ne, version: -

Trust: 0.3

sources: BID: 99481 // JVNDB: JVNDB-2017-005625 // CNNVD: CNNVD-201707-391 // NVD: CVE-2017-6730

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6730
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6730
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201707-391
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114933
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6730
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114933
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6730
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114933 // JVNDB: JVNDB-2017-005625 // CNNVD: CNNVD-201707-391 // NVD: CVE-2017-6730

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-114933 // JVNDB: JVNDB-2017-005625 // NVD: CVE-2017-6730

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-391

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201707-391

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005625

PATCH

title: cisco-sa-20170705-waas1, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas1

Trust: 0.8

title: Cisco Wide Area Application Services Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71589

Trust: 0.6

sources: JVNDB: JVNDB-2017-005625 // CNNVD: CNNVD-201707-391

EXTERNAL IDS

db: NVD, id: CVE-2017-6730

Trust: 2.8

db: BID, id: 99481

Trust: 1.4

db: SECTRACK, id: 1038825

Trust: 1.1

db: JVNDB, id: JVNDB-2017-005625

Trust: 0.8

db: CNNVD, id: CNNVD-201707-391

Trust: 0.7

db: NSFOCUS, id: 37067

Trust: 0.6

db: VULHUB, id: VHN-114933

Trust: 0.1

sources: VULHUB: VHN-114933 // BID: 99481 // JVNDB: JVNDB-2017-005625 // CNNVD: CNNVD-201707-391 // NVD: CVE-2017-6730

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170705-waas1

Trust: 2.0

url:http://www.securityfocus.com/bid/99481

Trust: 1.1

url:http://www.securitytracker.com/id/1038825

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6730

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6730

Trust: 0.8

url:http://www.nsfocus.net/vulndb/37067

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114933 // BID: 99481 // JVNDB: JVNDB-2017-005625 // CNNVD: CNNVD-201707-391 // NVD: CVE-2017-6730

CREDITS

Aaron Blair

Trust: 0.3

sources: BID: 99481

SOURCES

db: VULHUB, id: VHN-114933
db: BID, id: 99481
db: JVNDB, id: JVNDB-2017-005625
db: CNNVD, id: CNNVD-201707-391
db: NVD, id: CVE-2017-6730

LAST UPDATE DATE

2025-04-20T23:32:52.506000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114933, date: 2017-07-16T00:00:00
db: BID, id: 99481, date: 2017-07-05T00:00:00
db: JVNDB, id: JVNDB-2017-005625, date: 2017-08-02T00:00:00
db: CNNVD, id: CNNVD-201707-391, date: 2017-07-11T00:00:00
db: NVD, id: CVE-2017-6730, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114933, date: 2017-07-10T00:00:00
db: BID, id: 99481, date: 2017-07-05T00:00:00
db: JVNDB, id: JVNDB-2017-005625, date: 2017-08-02T00:00:00
db: CNNVD, id: CNNVD-201707-391, date: 2017-07-11T00:00:00
db: NVD, id: CVE-2017-6730, date: 2017-07-10T20:29:00.593