Lucene search

[email protected]NVD:CVE-2017-15805

HistoryOct 23, 2017 - 8:29 a.m.

CVE-2017-15805

2017-10-2308:29:00

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.7

Confidence

High

EPSS

0.002

Percentile

54.5%

JSON

Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow …/ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files.

Affected configurations

Nvd

Node

ciscosmall_business_sa520_firmwareMatch2.1.71

ciscosmall_business_sa520_firmwareMatch2.2.0.7

AND

ciscosmall_business_sa520Match-

Node

ciscosmall_business_sa540_firmwareMatch2.1.71

ciscosmall_business_sa540_firmwareMatch2.2.0.7

AND

ciscosmall_business_sa540Match-

VendorProductVersionCPE
ciscosmall_business_sa520_firmware2.1.71cpe:2.3:o:cisco:small_business_sa520_firmware:2.1.71:*:*:*:*:*:*:*
ciscosmall_business_sa520_firmware2.2.0.7cpe:2.3:o:cisco:small_business_sa520_firmware:2.2.0.7:*:*:*:*:*:*:*
ciscosmall_business_sa520-cpe:2.3:h:cisco:small_business_sa520:-:*:*:*:*:*:*:*
ciscosmall_business_sa540_firmware2.1.71cpe:2.3:o:cisco:small_business_sa540_firmware:2.1.71:*:*:*:*:*:*:*
ciscosmall_business_sa540_firmware2.2.0.7cpe:2.3:o:cisco:small_business_sa540_firmware:2.2.0.7:*:*:*:*:*:*:*
ciscosmall_business_sa540-cpe:2.3:h:cisco:small_business_sa540:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	small_business_sa520_firmware	2.1.71	cpe:2.3:o:cisco:small_business_sa520_firmware:2.1.71:::::::*
cisco	small_business_sa520_firmware	2.2.0.7	cpe:2.3:o:cisco:small_business_sa520_firmware:2.2.0.7:::::::*
cisco	small_business_sa520	-	cpe:2.3:h:cisco:small_business_sa520:-:::::::*
cisco	small_business_sa540_firmware	2.1.71	cpe:2.3:o:cisco:small_business_sa540_firmware:2.1.71:::::::*
cisco	small_business_sa540_firmware	2.2.0.7	cpe:2.3:o:cisco:small_business_sa540_firmware:2.2.0.7:::::::*
cisco	small_business_sa540	-	cpe:2.3:h:cisco:small_business_sa540:-:::::::*

References

www.fwhibbit.es/lfi-en-cisco-small-business-sa500-series-cuando-la-seguridad-de-tu-red-esta-hecha-un-cisco

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.7

Confidence

High

EPSS

0.002

Percentile

54.5%

JSON

Related for NVD:CVE-2017-15805

prion1 cvelist1 cve1