Details of VAR-201702-0808

ID

VAR-201702-0808

CVE

CVE-2017-3841

TITLE

Cisco Secure Access Control System of Web Vulnerabilities that expose important information in the interface

Trust: 0.8

sources: JVNDB: JVNDB-2017-001636

DESCRIPTION

A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. More Information: CSCvc04854. Known Affected Releases: 5.8(2.5). Successful exploits will allow attackers to obtain sensitive information. This may result in further attacks. This issue is tracked by Cisco Bug ID CSCvc04854. The system can respectively control network access and network device access through RADIUS and TACACS protocols

Trust: 1.98

sources: NVD: CVE-2017-3841 // JVNDB: JVNDB-2017-001636 // BID: 96237 // VULHUB: VHN-112044

AFFECTED PRODUCTS

vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.8\(2.5\)	Trust: 1.6
vendor:	cisco	model:	secure access control system software	scope:	eq	version:	5.8(2.5)	Trust: 0.8
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.8(2.5)	Trust: 0.3

sources: BID: 96237 // JVNDB: JVNDB-2017-001636 // CNNVD: CNNVD-201702-658 // NVD: CVE-2017-3841

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3841
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-3841
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201702-658
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-112044
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-3841
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-112044
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3841
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-112044 // JVNDB: JVNDB-2017-001636 // CNNVD: CNNVD-201702-658 // NVD: CVE-2017-3841

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-112044 // JVNDB: JVNDB-2017-001636 // NVD: CVE-2017-3841

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-658

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201702-658

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001636

PATCH

title:	cisco-sa-20170215-acs3	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs3	Trust: 0.8
title:	Cisco Secure Access Control System Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68173	Trust: 0.6

sources: JVNDB: JVNDB-2017-001636 // CNNVD: CNNVD-201702-658

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3841	Trust: 2.8
db:	BID	id:	96237	Trust: 2.0
db:	SECTRACK	id:	1037838	Trust: 1.1
db:	JVNDB	id:	JVNDB-2017-001636	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-658	Trust: 0.7
db:	VULHUB	id:	VHN-112044	Trust: 0.1

sources: VULHUB: VHN-112044 // BID: 96237 // JVNDB: JVNDB-2017-001636 // CNNVD: CNNVD-201702-658 // NVD: CVE-2017-3841

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-acs3	Trust: 2.0
url:	http://www.securityfocus.com/bid/96237	Trust: 1.7
url:	http://www.securitytracker.com/id/1037838	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3841	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3841	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-112044 // BID: 96237 // JVNDB: JVNDB-2017-001636 // CNNVD: CNNVD-201702-658 // NVD: CVE-2017-3841

CREDITS

Cisco

Trust: 0.9

sources: BID: 96237 // CNNVD: CNNVD-201702-658

SOURCES

db:	VULHUB	id:	VHN-112044
db:	BID	id:	96237
db:	JVNDB	id:	JVNDB-2017-001636
db:	CNNVD	id:	CNNVD-201702-658
db:	NVD	id:	CVE-2017-3841

LAST UPDATE DATE

2024-11-23T22:49:08.484000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-112044	date:	2017-07-25T00:00:00
db:	BID	id:	96237	date:	2017-03-07T04:02:00
db:	JVNDB	id:	JVNDB-2017-001636	date:	2017-03-10T00:00:00
db:	CNNVD	id:	CNNVD-201702-658	date:	2017-02-22T00:00:00
db:	NVD	id:	CVE-2017-3841	date:	2024-11-21T03:26:13.333

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-112044	date:	2017-02-22T00:00:00
db:	BID	id:	96237	date:	2017-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-001636	date:	2017-03-10T00:00:00
db:	CNNVD	id:	CNNVD-201702-658	date:	2017-02-22T00:00:00
db:	NVD	id:	CVE-2017-3841	date:	2017-02-22T02:59:00.573