ID

VAR-201803-0158


CVE

CVE-2017-12310


TITLE

Cisco Spark Hybrid Calendar Service Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2017-33271 // CNNVD: CNNVD-201803-974

DESCRIPTION

A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attacks leading to the disclosure of sensitive customer data. The vulnerability exists in the auto discovery phase because an unencrypted HTTP request is made due to requirements for implementing the Hybrid Calendar service. An attacker could exploit this vulnerability by monitoring the unencrypted traffic on the network. An exploit could allow the attacker to access sensitive customer data belonging to Office365 users, such as email and calendar events. Cisco Bug IDs: CSCvg35593. The vendor has confirmed this vulnerability and released it as Bug ID CSCvg35593. Information may be obtained. Cisco Spark Hybrid Calendar Service can connect the local Microsoft Exchange calendar to the Cisco Spark cloud to install meeting time

Trust: 2.25

sources: NVD: CVE-2017-12310 // JVNDB: JVNDB-2017-013015 // CNVD: CNVD-2017-33271 // VULHUB: VHN-102820

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-33271

AFFECTED PRODUCTS

vendor: cisco
model: spark hybrid calendar service
scope: -
version: -

Trust: 1.2

vendor: cisco
model: spark hybrid calendar service
scope: eq
version: *

Trust: 1.0

vendor: cisco
model: spark hybrid service
scope: -
version: -

Trust: 0.8

sources: CNVD: CNVD-2017-33271 // JVNDB: JVNDB-2017-013015 // CNNVD: CNNVD-201803-974 // NVD: CVE-2017-12310

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12310
value: HIGH

Trust: 1.0

NVD: CVE-2017-12310
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-33271
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-974
value: HIGH

Trust: 0.6

VULHUB: VHN-102820
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12310
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-33271
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-102820
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12310
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-33271 // VULHUB: VHN-102820 // JVNDB: JVNDB-2017-013015 // CNNVD: CNNVD-201803-974 // NVD: CVE-2017-12310

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

problemtype: CWE-319

Trust: 1.1

sources: VULHUB: VHN-102820 // JVNDB: JVNDB-2017-013015 // NVD: CVE-2017-12310

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-974

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201803-974

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013015

PATCH

title: cisco-sa-20171023-spark
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark

Trust: 0.8

title: Patch for CiscoSparkHybridCalendarService Information Disclosure Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/105727

Trust: 0.6

title: Cisco Spark Hybrid Calendar Service Repair measures for information disclosure vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79461

Trust: 0.6

sources: CNVD: CNVD-2017-33271 // JVNDB: JVNDB-2017-013015 // CNNVD: CNNVD-201803-974

EXTERNAL IDS

db: NVD, id: CVE-2017-12310

Trust: 3.1

db: JVNDB, id: JVNDB-2017-013015

Trust: 0.8

db: CNNVD, id: CNNVD-201803-974

Trust: 0.7

db: CNVD, id: CNVD-2017-33271

Trust: 0.6

db: VULHUB, id: VHN-102820

Trust: 0.1

sources: CNVD: CNVD-2017-33271 // VULHUB: VHN-102820 // JVNDB: JVNDB-2017-013015 // CNNVD: CNNVD-201803-974 // NVD: CVE-2017-12310

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171023-spark

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2017-12310

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12310

Trust: 0.8

sources: CNVD: CNVD-2017-33271 // VULHUB: VHN-102820 // JVNDB: JVNDB-2017-013015 // CNNVD: CNNVD-201803-974 // NVD: CVE-2017-12310

SOURCES

db: CNVD, id: CNVD-2017-33271
db: VULHUB, id: VHN-102820
db: JVNDB, id: JVNDB-2017-013015
db: CNNVD, id: CNNVD-201803-974
db: NVD, id: CVE-2017-12310

LAST UPDATE DATE

2024-11-23T22:12:39.235000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-33271, date: 2017-11-09T00:00:00
db: VULHUB, id: VHN-102820, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2017-013015, date: 2018-05-23T00:00:00
db: CNNVD, id: CNNVD-201803-974, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-12310, date: 2024-11-21T03:09:17.107

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-33271, date: 2017-11-09T00:00:00
db: VULHUB, id: VHN-102820, date: 2018-03-27T00:00:00
db: JVNDB, id: JVNDB-2017-013015, date: 2018-05-23T00:00:00
db: CNNVD, id: CNNVD-201803-974, date: 2018-03-28T00:00:00
db: NVD, id: CVE-2017-12310, date: 2018-03-27T09:29:00.217