ID

VAR-201708-1345


CVE

CVE-2017-6754


TITLE

Cisco Smart Net Total Care Software Collector Appliance SQL Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2017-27995 // CNNVD: CNNVD-201708-246

DESCRIPTION

A vulnerability in the web-based management interface of the Cisco Smart Net Total Care (SNTC) Software Collector Appliance 3.11 could allow an authenticated, remote attacker to perform a read-only, blind SQL injection attack, which could allow the attacker to compromise the confidentiality of the system through SQL timing attacks. The vulnerability is due to insufficient input validation of certain user-supplied fields that are subsequently used by the affected software to build SQL queries. An attacker could exploit this vulnerability by submitting crafted URLs, which are designed to exploit the vulnerability, to the affected software. To execute an attack successfully, the attacker would need to submit a number of requests to the affected software. A successful exploit could allow the attacker to determine the presence of values in the SQL database of the affected software. Cisco Bug IDs: CSCvf07617. The vendor has released this vulnerability as Bug ID CSCvf07617. Information may be obtained. Cisco Smart Net Total Care (SNTC) Software is an intelligent network support service

Trust: 2.52

sources: NVD: CVE-2017-6754 // JVNDB: JVNDB-2017-006822 // CNVD: CNVD-2017-27995 // BID: 100126 // VULHUB: VHN-114957

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-27995

AFFECTED PRODUCTS

vendor: cisco, model: smart net total care collector appliance, scope: eq, version: 3.11

Trust: 1.6

vendor: cisco, model: smart net total care software collector appliance, scope: eq, version: 3.11

Trust: 0.8

vendor: cisco, model: smart net total care, scope: -, version: -

Trust: 0.6

vendor: cisco, model: smart net total care software collector appliance, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: network level service, scope: eq, version: 3.11

Trust: 0.3

sources: CNVD: CNVD-2017-27995 // BID: 100126 // JVNDB: JVNDB-2017-006822 // CNNVD: CNNVD-201708-246 // NVD: CVE-2017-6754

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6754
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6754
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-27995
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201708-246
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114957
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6754
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-27995
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-114957
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6754
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-27995 // VULHUB: VHN-114957 // JVNDB: JVNDB-2017-006822 // CNNVD: CNNVD-201708-246 // NVD: CVE-2017-6754

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-114957 // JVNDB: JVNDB-2017-006822 // NVD: CVE-2017-6754

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-246

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201708-246

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006822

PATCH

title: CSCvd47888 - Cisco Adaptive Security Appliance Username Enumeration, url: https://quickview.cloudapps.cisco.com/quickview/bug/CSCvd47888

Trust: 0.8

title: cisco-sa-20170802-sntc, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-sntc

Trust: 0.8

title: Patch for Cisco Smart Net Total Care Software Collector Appliance SQL Injection Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/102687

Trust: 0.6

title: Cisco Smart Net Total Care Software Collector Appliance SQL Repair measures for injecting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72437

Trust: 0.6

sources: CNVD: CNVD-2017-27995 // JVNDB: JVNDB-2017-006822 // CNNVD: CNNVD-201708-246

EXTERNAL IDS

db: NVD, id: CVE-2017-6754

Trust: 3.4

db: BID, id: 100126

Trust: 2.6

db: JVNDB, id: JVNDB-2017-006822

Trust: 0.8

db: CNNVD, id: CNNVD-201708-246

Trust: 0.7

db: CNVD, id: CNVD-2017-27995

Trust: 0.6

db: VULHUB, id: VHN-114957

Trust: 0.1

sources: CNVD: CNVD-2017-27995 // VULHUB: VHN-114957 // BID: 100126 // JVNDB: JVNDB-2017-006822 // CNNVD: CNNVD-201708-246 // NVD: CVE-2017-6754

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170802-sntc

Trust: 2.6

url:http://www.securityfocus.com/bid/100126

Trust: 1.7

url:https://quickview.cloudapps.cisco.com/quickview/bug/cscvf07617

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6754

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6754

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2017-27995 // VULHUB: VHN-114957 // BID: 100126 // JVNDB: JVNDB-2017-006822 // CNNVD: CNNVD-201708-246 // NVD: CVE-2017-6754

CREDITS

Cisco

Trust: 0.3

sources: BID: 100126

SOURCES

db: CNVD, id: CNVD-2017-27995
db: VULHUB, id: VHN-114957
db: BID, id: 100126
db: JVNDB, id: JVNDB-2017-006822
db: CNNVD, id: CNNVD-201708-246
db: NVD, id: CVE-2017-6754

LAST UPDATE DATE

2025-04-20T23:15:59.398000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-27995, date: 2017-09-25T00:00:00
db: VULHUB, id: VHN-114957, date: 2019-10-09T00:00:00
db: BID, id: 100126, date: 2017-08-02T00:00:00
db: JVNDB, id: JVNDB-2017-006822, date: 2017-09-05T00:00:00
db: CNNVD, id: CNNVD-201708-246, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-6754, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-27995, date: 2017-09-25T00:00:00
db: VULHUB, id: VHN-114957, date: 2017-08-07T00:00:00
db: BID, id: 100126, date: 2017-08-02T00:00:00
db: JVNDB, id: JVNDB-2017-006822, date: 2017-09-05T00:00:00
db: CNNVD, id: CNNVD-201708-246, date: 2017-08-11T00:00:00
db: NVD, id: CVE-2017-6754, date: 2017-08-07T06:29:00.417