Details of VAR-201702-0803

ID

VAR-201702-0803

CVE

CVE-2017-3836

TITLE

Cisco Unified Communications Manager of Web Vulnerabilities that display important information in the framework

Trust: 0.8

sources: JVNDB: JVNDB-2017-001686

DESCRIPTION

A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.162) 12.0(0.98000.178) 12.0(0.98000.383) 12.0(0.98000.488) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6). Vendors have confirmed this vulnerability Bug ID CSCvb61689 It is released as.A remote attacker could display important information. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvb61689. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2017-3836 // JVNDB: JVNDB-2017-001686 // BID: 96251 // VULHUB: VHN-112039

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(1.11007.2\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5(1.11007.2)	Trust: 1.1
vendor:	cisco	model:	unified communications manager	scope:	ne	version:	12.0(0.98000.6)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	ne	version:	12.0(0.98000.536)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	ne	version:	12.0(0.98000.488)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	ne	version:	12.0(0.98000.383)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	ne	version:	12.0(0.98000.178)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	ne	version:	12.0(0.98000.162)	Trust: 0.3

sources: BID: 96251 // JVNDB: JVNDB-2017-001686 // CNNVD: CNNVD-201702-671 // NVD: CVE-2017-3836

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3836
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-3836
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201702-671
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-112039
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-3836
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-112039
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3836
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-112039 // JVNDB: JVNDB-2017-001686 // CNNVD: CNNVD-201702-671 // NVD: CVE-2017-3836

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-112039 // JVNDB: JVNDB-2017-001686 // NVD: CVE-2017-3836

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-671

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201702-671

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001686

PATCH

title:	cisco-sa-20170215-cucm3	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm3	Trust: 0.8
title:	Cisco Unified Communications Manager Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68160	Trust: 0.6

sources: JVNDB: JVNDB-2017-001686 // CNNVD: CNNVD-201702-671

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3836	Trust: 2.8
db:	BID	id:	96251	Trust: 2.0
db:	SECTRACK	id:	1037840	Trust: 1.1
db:	JVNDB	id:	JVNDB-2017-001686	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-671	Trust: 0.7
db:	VULHUB	id:	VHN-112039	Trust: 0.1

sources: VULHUB: VHN-112039 // BID: 96251 // JVNDB: JVNDB-2017-001686 // CNNVD: CNNVD-201702-671 // NVD: CVE-2017-3836

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-cucm3	Trust: 2.0
url:	http://www.securityfocus.com/bid/96251	Trust: 1.7
url:	http://www.securitytracker.com/id/1037840	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3836	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3836	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html	Trust: 0.3

sources: VULHUB: VHN-112039 // BID: 96251 // JVNDB: JVNDB-2017-001686 // CNNVD: CNNVD-201702-671 // NVD: CVE-2017-3836

CREDITS

Cisco

Trust: 0.9

sources: BID: 96251 // CNNVD: CNNVD-201702-671

SOURCES

db:	VULHUB	id:	VHN-112039
db:	BID	id:	96251
db:	JVNDB	id:	JVNDB-2017-001686
db:	CNNVD	id:	CNNVD-201702-671
db:	NVD	id:	CVE-2017-3836

LAST UPDATE DATE

2024-11-23T21:54:16.578000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-112039	date:	2017-07-25T00:00:00
db:	BID	id:	96251	date:	2017-03-07T02:04:00
db:	JVNDB	id:	JVNDB-2017-001686	date:	2017-03-13T00:00:00
db:	CNNVD	id:	CNNVD-201702-671	date:	2017-02-21T00:00:00
db:	NVD	id:	CVE-2017-3836	date:	2024-11-21T03:26:12.763

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-112039	date:	2017-02-22T00:00:00
db:	BID	id:	96251	date:	2017-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-001686	date:	2017-03-13T00:00:00
db:	CNNVD	id:	CNNVD-201702-671	date:	2017-02-21T00:00:00
db:	NVD	id:	CVE-2017-3836	date:	2017-02-22T02:59:00.417