ID

VAR-201711-0367


CVE

CVE-2017-12306


TITLE

Cisco Spark Board Vulnerabilities in environment settings

Trust: 0.8

sources: JVNDB: JVNDB-2017-010468

DESCRIPTION

A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. The vulnerability is due to insufficient upgrade package validation. An attacker could exploit this vulnerability by providing the upgrade process with an upgrade package that the attacker controls. An exploit could allow the attacker to install custom firmware to the Spark Board. Cisco Bug IDs: CSCvf84502. Cisco Spark Board contains a vulnerability related to configuration settings. The vendor has released this vulnerability as Bug ID CSCvf84502. Information may be tampered with. Cisco Spark Board is a tablet device dedicated to video conferencing by Cisco. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions.

Trust: 2.61

sources: NVD: CVE-2017-12306 // JVNDB: JVNDB-2017-010468 // CNVD: CNVD-2017-34910 // BID: 101914 // VULHUB: VHN-102815 // VULMON: CVE-2017-12306

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-34910

AFFECTED PRODUCTS

vendor: cisco, model: conference director, scope: eq, version: 2017-08-15

Trust: 1.6

vendor: cisco, model: spark, scope: -, version: -

Trust: 0.8

vendor: cisco, model: spark board, scope: -, version: -

Trust: 0.6

vendor: cisco, model: spark board, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2017-34910 // BID: 101914 // JVNDB: JVNDB-2017-010468 // CNNVD: CNNVD-201711-673 // NVD: CVE-2017-12306

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12306
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12306
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-34910
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201711-673
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102815
value: LOW

Trust: 0.1

VULMON: CVE-2017-12306
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-12306
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-34910
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-102815
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12306
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-34910 // VULHUB: VHN-102815 // VULMON: CVE-2017-12306 // JVNDB: JVNDB-2017-010468 // CNNVD: CNNVD-201711-673 // NVD: CVE-2017-12306

PROBLEMTYPE DATA

problemtype: CWE-16

Trust: 1.9

problemtype: CWE-494

Trust: 1.1

sources: VULHUB: VHN-102815 // JVNDB: JVNDB-2017-010468 // NVD: CVE-2017-12306

THREAT TYPE

local

Trust: 0.9

sources: BID: 101914 // CNNVD: CNNVD-201711-673

TYPE

configuration error

Trust: 0.6

sources: CNNVD: CNNVD-201711-673

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010468

PATCH

title: cisco-sa-20171115-spark, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-spark

Trust: 0.8

title: CiscoSparkBoard Local Security Bypass Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/106616

Trust: 0.6

title: Cisco Spark Board Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76498

Trust: 0.6

title: Cisco: Cisco Spark Board Upgrade Signature Verification Bypass Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20171115-spark

Trust: 0.1

sources: CNVD: CNVD-2017-34910 // VULMON: CVE-2017-12306 // JVNDB: JVNDB-2017-010468 // CNNVD: CNNVD-201711-673

EXTERNAL IDS

db: NVD, id: CVE-2017-12306

Trust: 3.5

db: BID, id: 101914

Trust: 2.7

db: JVNDB, id: JVNDB-2017-010468

Trust: 0.8

db: CNNVD, id: CNNVD-201711-673

Trust: 0.7

db: CNVD, id: CNVD-2017-34910

Trust: 0.6

db: VULHUB, id: VHN-102815

Trust: 0.1

db: VULMON, id: CVE-2017-12306

Trust: 0.1

sources: CNVD: CNVD-2017-34910 // VULHUB: VHN-102815 // VULMON: CVE-2017-12306 // BID: 101914 // JVNDB: JVNDB-2017-010468 // CNNVD: CNNVD-201711-673 // NVD: CVE-2017-12306

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171115-spark

Trust: 2.8

url: http://www.securityfocus.com/bid/101914

Trust: 1.9

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=12306

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-12306

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

url: https://cwe.mitre.org/data/definitions/494.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2017-34910 // VULHUB: VHN-102815 // VULMON: CVE-2017-12306 // BID: 101914 // JVNDB: JVNDB-2017-010468 // CNNVD: CNNVD-201711-673 // NVD: CVE-2017-12306

CREDITS

Cisco

Trust: 0.3

sources: BID: 101914

SOURCES

db: CNVD, id: CNVD-2017-34910
db: VULHUB, id: VHN-102815
db: VULMON, id: CVE-2017-12306
db: BID, id: 101914
db: JVNDB, id: JVNDB-2017-010468
db: CNNVD, id: CNNVD-201711-673
db: NVD, id: CVE-2017-12306

LAST UPDATE DATE

2025-04-20T23:15:51.688000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-34910, date: 2017-11-22T00:00:00
db: VULHUB, id: VHN-102815, date: 2019-10-09T00:00:00
db: VULMON, id: CVE-2017-12306, date: 2019-10-09T00:00:00
db: BID, id: 101914, date: 2017-12-19T22:00:00
db: JVNDB, id: JVNDB-2017-010468, date: 2017-12-15T00:00:00
db: CNNVD, id: CNNVD-201711-673, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-12306, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-34910, date: 2017-11-22T00:00:00
db: VULHUB, id: VHN-102815, date: 2017-11-16T00:00:00
db: VULMON, id: CVE-2017-12306, date: 2017-11-16T00:00:00
db: BID, id: 101914, date: 2017-11-15T00:00:00
db: JVNDB, id: JVNDB-2017-010468, date: 2017-12-15T00:00:00
db: CNNVD, id: CNNVD-201711-673, date: 2017-11-20T00:00:00
db: NVD, id: CVE-2017-12306, date: 2017-11-16T07:29:00.540