Details of VAR-201707-0904

ID

VAR-201707-0904

CVE

CVE-2017-6732

TITLE

Cisco Prime Network Permission in the software installation procedure root Vulnerability promoted to

Trust: 0.8

sources: JVNDB: JVNDB-2017-005627

DESCRIPTION

A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd47343. Known Affected Releases: 4.2(2.1)PP1 4.2(3.0)PP6 4.3(0.0)PP4 4.3(1.0)PP2. Known Fixed Releases: 4.3(2). Vendors have confirmed this vulnerability Bug ID CSCvd47343 It is released as.Authenticated by local attackers root May be promoted to. Cisco PrimeNetwork is an integrated component of Cisco PrimeforIPNGNsuite and is a stand-alone product. This issue is being tracked by Cisco Bug ID CSCvd47343. The installation procedure is one of the installation configuration procedures. The vulnerability stems from the fact that the program does not have the correct installation binary file and does not have the correct permission to configure the binary file

Trust: 2.52

sources: NVD: CVE-2017-6732 // JVNDB: JVNDB-2017-005627 // CNVD: CNVD-2017-14610 // BID: 99457 // VULHUB: VHN-114935

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-14610

AFFECTED PRODUCTS

vendor:	cisco	model:	prime network	scope:	eq	version:	4.3\(0.0\)pp4	Trust: 1.6
vendor:	cisco	model:	prime network	scope:	eq	version:	4.2\(3.0\)pp6	Trust: 1.6
vendor:	cisco	model:	prime network	scope:	eq	version:	4.3\(1.0\)pp2	Trust: 1.6
vendor:	cisco	model:	prime network	scope:	eq	version:	4.2\(2.1\)pp1	Trust: 1.6
vendor:	cisco	model:	prime network	scope:	eq	version:	4.2(2.1)pp1	Trust: 0.8
vendor:	cisco	model:	prime network	scope:	eq	version:	4.2(3.0)pp6	Trust: 0.8
vendor:	cisco	model:	prime network	scope:	eq	version:	4.3(0.0)pp4	Trust: 0.8
vendor:	cisco	model:	prime network	scope:	eq	version:	4.3(1.0)pp2	Trust: 0.8
vendor:	cisco	model:	prime network	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	prime network software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime network 4.3 pp2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	prime network 4.3 pp4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	prime network 4.2 pp6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	prime network 4.2 pp1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	prime network	scope:	ne	version:	4.3(2)	Trust: 0.3

sources: CNVD: CNVD-2017-14610 // BID: 99457 // JVNDB: JVNDB-2017-005627 // CNNVD: CNNVD-201707-389 // NVD: CVE-2017-6732

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6732
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-6732
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-14610
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201707-389
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-114935
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-6732
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-14610
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-114935
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6732
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-14610 // VULHUB: VHN-114935 // JVNDB: JVNDB-2017-005627 // CNNVD: CNNVD-201707-389 // NVD: CVE-2017-6732

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-114935 // JVNDB: JVNDB-2017-005627 // NVD: CVE-2017-6732

THREAT TYPE

local

Trust: 0.9

sources: BID: 99457 // CNNVD: CNNVD-201707-389

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201707-389

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005627

PATCH

title:	cisco-sa-20170705-prime	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-prime	Trust: 0.8
title:	Patch for Cisco PrimeNetwork Local Privilege Escalation Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/98167	Trust: 0.6
title:	Cisco Prime Network Software installation procedure Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71587	Trust: 0.6

sources: CNVD: CNVD-2017-14610 // JVNDB: JVNDB-2017-005627 // CNNVD: CNNVD-201707-389

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6732	Trust: 3.4
db:	BID	id:	99457	Trust: 2.0
db:	JVNDB	id:	JVNDB-2017-005627	Trust: 0.8
db:	CNNVD	id:	CNNVD-201707-389	Trust: 0.7
db:	BID	id:	9945799457	Trust: 0.6
db:	CNVD	id:	CNVD-2017-14610	Trust: 0.6
db:	VULHUB	id:	VHN-114935	Trust: 0.1

sources: CNVD: CNVD-2017-14610 // VULHUB: VHN-114935 // BID: 99457 // JVNDB: JVNDB-2017-005627 // CNNVD: CNNVD-201707-389 // NVD: CVE-2017-6732

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170705-prime	Trust: 2.6
url:	http://www.securityfocus.com/bid/99457	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6732	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6732	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2017-14610 // VULHUB: VHN-114935 // BID: 99457 // JVNDB: JVNDB-2017-005627 // CNNVD: CNNVD-201707-389 // NVD: CVE-2017-6732

CREDITS

Cisco.

Trust: 0.3

sources: BID: 99457

SOURCES

db:	CNVD	id:	CNVD-2017-14610
db:	VULHUB	id:	VHN-114935
db:	BID	id:	99457
db:	JVNDB	id:	JVNDB-2017-005627
db:	CNNVD	id:	CNNVD-201707-389
db:	NVD	id:	CVE-2017-6732

LAST UPDATE DATE

2025-04-20T23:36:48.770000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-14610	date:	2017-07-17T00:00:00
db:	VULHUB	id:	VHN-114935	date:	2019-10-03T00:00:00
db:	BID	id:	99457	date:	2017-07-05T00:00:00
db:	JVNDB	id:	JVNDB-2017-005627	date:	2017-08-02T00:00:00
db:	CNNVD	id:	CNNVD-201707-389	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-6732	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-14610	date:	2017-07-14T00:00:00
db:	VULHUB	id:	VHN-114935	date:	2017-07-10T00:00:00
db:	BID	id:	99457	date:	2017-07-05T00:00:00
db:	JVNDB	id:	JVNDB-2017-005627	date:	2017-08-02T00:00:00
db:	CNNVD	id:	CNNVD-201707-389	date:	2017-07-12T00:00:00
db:	NVD	id:	CVE-2017-6732	date:	2017-07-10T20:29:00.673