Lucene search

CiscoCVE-2017-3884

HistoryApr 07, 2017 - 5:59 p.m.

CVE-2017-3884

2017-04-0717:59:00

CWE-200

cisco

web.nvd.nist.gov

cisco

prime infrastructure

epn manager

vulnerability

web interface

authentication

remote attacker

sensitive data

reconnaissance attacks

cve-2017-3884

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

43.3%

JSON

A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D).

Affected configurations

Nvd

Node

ciscoevolved_programmable_network_managerMatch2.0\(4.0.45d\)

ciscoprime_infrastructureMatch2.2

ciscoprime_infrastructureMatch2.2\(3\)

ciscoprime_infrastructureMatch3.0

ciscoprime_infrastructureMatch3.1

ciscoprime_infrastructureMatch3.1\(0.128\)

ciscoprime_infrastructureMatch3.1\(4.0\)

ciscoprime_infrastructureMatch3.1\(5.0\)

ciscoprime_infrastructureMatch3.2\(0.0\)

VendorProductVersionCPE
ciscoevolved_programmable_network_manager2.0(4.0.45d)cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0\(4.0.45d\):*:*:*:*:*:*:*
ciscoprime_infrastructure2.2cpe:2.3:a:cisco:prime_infrastructure:2.2:*:*:*:*:*:*:*
ciscoprime_infrastructure2.2(3)cpe:2.3:a:cisco:prime_infrastructure:2.2\(3\):*:*:*:*:*:*:*
ciscoprime_infrastructure3.0cpe:2.3:a:cisco:prime_infrastructure:3.0:*:*:*:*:*:*:*
ciscoprime_infrastructure3.1cpe:2.3:a:cisco:prime_infrastructure:3.1:*:*:*:*:*:*:*
ciscoprime_infrastructure3.1(0.128)cpe:2.3:a:cisco:prime_infrastructure:3.1\(0.128\):*:*:*:*:*:*:*
ciscoprime_infrastructure3.1(4.0)cpe:2.3:a:cisco:prime_infrastructure:3.1\(4.0\):*:*:*:*:*:*:*
ciscoprime_infrastructure3.1(5.0)cpe:2.3:a:cisco:prime_infrastructure:3.1\(5.0\):*:*:*:*:*:*:*
ciscoprime_infrastructure3.2(0.0)cpe:2.3:a:cisco:prime_infrastructure:3.2\(0.0\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	evolved_programmable_network_manager	2.0(4.0.45d)	cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0\(4.0.45d\):::::::*
cisco	prime_infrastructure	2.2	cpe:2.3:a:cisco:prime_infrastructure:2.2:::::::*
cisco	prime_infrastructure	2.2(3)	cpe:2.3:a:cisco:prime_infrastructure:2.2\(3\):::::::*
cisco	prime_infrastructure	3.0	cpe:2.3:a:cisco:prime_infrastructure:3.0:::::::*
cisco	prime_infrastructure	3.1	cpe:2.3:a:cisco:prime_infrastructure:3.1:::::::*
cisco	prime_infrastructure	3.1(0.128)	cpe:2.3:a:cisco:prime_infrastructure:3.1\(0.128\):::::::*
cisco	prime_infrastructure	3.1(4.0)	cpe:2.3:a:cisco:prime_infrastructure:3.1\(4.0\):::::::*
cisco	prime_infrastructure	3.1(5.0)	cpe:2.3:a:cisco:prime_infrastructure:3.1\(5.0\):::::::*
cisco	prime_infrastructure	3.2(0.0)	cpe:2.3:a:cisco:prime_infrastructure:3.2\(0.0\):::::::*

CNA Affected

[
  {
    "product": "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager"
      }
    ]
  }
]

References

www.securityfocus.com/bid/97470

www.securitytracker.com/id/1038189

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

43.3%

JSON

Related for CVE-2017-3884