Sign-up

ID

VAR-201708-1327


CVE

CVE-2017-6771


TITLE

Cisco Ultra Services Framework Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-007077

DESCRIPTION

A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by browsing to a specific URL of an affected device. An exploit could allow the attacker to view sensitive configuration information about the deployment. Cisco Bug IDs: CSCvd29358. Known Affected Releases: 21.0.v0.65839. Vendors have confirmed this vulnerability Bug ID CSCvd29358 It is released as.Information may be obtained. AutoVNF automation tool is one of the virtualized network tools

Trust: 1.98

sources: NVD: CVE-2017-6771 // JVNDB: JVNDB-2017-007077 // BID: 100385 // VULHUB: VHN-114974

AFFECTED PRODUCTS

vendor:ciscomodel:ultra services frameworkscope:eqversion:21.0.v0.65839

Trust: 1.6

vendor:ciscomodel:ultra services frameworkscope: - version: -

Trust: 0.8

vendor:ciscomodel:ultra services frameworkscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:ultra automation servicesscope:eqversion:21.0.v0.65839

Trust: 0.3

sources: BID: 100385 // JVNDB: JVNDB-2017-007077 // CNNVD: CNNVD-201708-785 // NVD: CVE-2017-6771

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6771
value: HIGH

Trust: 1.0

NVD: CVE-2017-6771
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201708-785
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114974
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6771
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114974
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6771
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114974 // JVNDB: JVNDB-2017-007077 // CNNVD: CNNVD-201708-785 // NVD: CVE-2017-6771

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-114974 // JVNDB: JVNDB-2017-007077 // NVD: CVE-2017-6771

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-785

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201708-785

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-007077

PATCH
title:cisco-sa-20170816-usfurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-usf
Trust: 0.8
title:Cisco Ultra Services Framework AutoVNF automation Tool information disclosure vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74102
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-007077 // 
            
            
            
            CNNVD: CNNVD-201708-785

EXTERNAL IDS
db:NVDid:CVE-2017-6771
Trust: 2.8
db:BIDid:100385
Trust: 1.4
db:JVNDBid:JVNDB-2017-007077
Trust: 0.8
db:CNNVDid:CNNVD-201708-785
Trust: 0.7
db:NSFOCUSid:37445
Trust: 0.6
db:VULHUBid:VHN-114974
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114974 // 
            
            
            
            BID: 100385 // 
            
            
            
            JVNDB: JVNDB-2017-007077 // 
            
            
            
            CNNVD: CNNVD-201708-785 // 
            
            
            
            NVD: CVE-2017-6771

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170816-usf
Trust: 2.0
url:http://www.securityfocus.com/bid/100385
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6771
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6771
Trust: 0.8
url:http://www.nsfocus.net/vulndb/37445
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114974 // 
            
            
            
            BID: 100385 // 
            
            
            
            JVNDB: JVNDB-2017-007077 // 
            
            
            
            CNNVD: CNNVD-201708-785 // 
            
            
            
            NVD: CVE-2017-6771

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 100385

SOURCES
db:VULHUBid:VHN-114974
db:BIDid:100385
db:JVNDBid:JVNDB-2017-007077
db:CNNVDid:CNNVD-201708-785
db:NVDid:CVE-2017-6771

LAST UPDATE DATE
2025-04-20T23:34:19.084000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114974date:2017-08-22T00:00:00
db:BIDid:100385date:2017-08-16T00:00:00
db:JVNDBid:JVNDB-2017-007077date:2017-09-11T00:00:00
db:CNNVDid:CNNVD-201708-785date:2017-08-18T00:00:00
db:NVDid:CVE-2017-6771date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-114974date:2017-08-17T00:00:00
db:BIDid:100385date:2017-08-16T00:00:00
db:JVNDBid:JVNDB-2017-007077date:2017-09-11T00:00:00
db:CNNVDid:CNNVD-201708-785date:2017-08-18T00:00:00
db:NVDid:CVE-2017-6771date:2017-08-17T20:29:00.463