Details of VAR-201702-0810

ID

VAR-201702-0810

CVE

CVE-2017-3843

TITLE

Cisco Prime Collaboration Assurance System file download function vulnerable to downloading system files

Trust: 0.8

sources: JVNDB: JVNDB-2017-001638

DESCRIPTION

A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. More Information: CSCvc99446. Known Affected Releases: 11.5(0). An attacker can exploit this issue to download arbitrary files. Information obtained may aid in further attacks. This issue being tracked by Cisco Bug ID CSCvc99446. This solution supports simplified unified communication and video collaboration network management through a unified management console, and rapid deployment of communication sites

Trust: 1.98

sources: NVD: CVE-2017-3843 // JVNDB: JVNDB-2017-001638 // BID: 96248 // VULHUB: VHN-112046

AFFECTED PRODUCTS

vendor:	cisco	model:	prime collaboration assurance	scope:	eq	version:	11.1.0	Trust: 1.6
vendor:	cisco	model:	prime collaboration assurance	scope:	eq	version:	11.5.0	Trust: 1.6
vendor:	cisco	model:	prime collaboration assurance	scope:	eq	version:	11.0.0	Trust: 1.6
vendor:	cisco	model:	prime collaboration assurance	scope:	eq	version:	11.5(0)	Trust: 0.8
vendor:	cisco	model:	prime collaboration assurance	scope:	eq	version:	11.5	Trust: 0.3
vendor:	cisco	model:	prime collaboration assurance	scope:	eq	version:	11.1	Trust: 0.3
vendor:	cisco	model:	prime collaboration assurance	scope:	eq	version:	11.0	Trust: 0.3
vendor:	cisco	model:	prime collaboration assurance	scope:	ne	version:	11.6	Trust: 0.3

sources: BID: 96248 // JVNDB: JVNDB-2017-001638 // CNNVD: CNNVD-201702-668 // NVD: CVE-2017-3843

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3843
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-3843
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201702-668
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-112046
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-3843
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-112046
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3843
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-112046 // JVNDB: JVNDB-2017-001638 // CNNVD: CNNVD-201702-668 // NVD: CVE-2017-3843

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-112046 // JVNDB: JVNDB-2017-001638 // NVD: CVE-2017-3843

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-668

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201702-668

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001638

PATCH

title:	cisco-sa-20170215-pcp1	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-pcp1	Trust: 0.8
title:	Cisco Prime Collaboration Assurance Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68163	Trust: 0.6

sources: JVNDB: JVNDB-2017-001638 // CNNVD: CNNVD-201702-668

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3843	Trust: 2.8
db:	BID	id:	96248	Trust: 2.0
db:	SECTRACK	id:	1037843	Trust: 1.1
db:	JVNDB	id:	JVNDB-2017-001638	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-668	Trust: 0.7
db:	VULHUB	id:	VHN-112046	Trust: 0.1

sources: VULHUB: VHN-112046 // BID: 96248 // JVNDB: JVNDB-2017-001638 // CNNVD: CNNVD-201702-668 // NVD: CVE-2017-3843

REFERENCES

url:	http://www.securityfocus.com/bid/96248	Trust: 1.7
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-pcp1	Trust: 1.7
url:	http://www.securitytracker.com/id/1037843	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3843	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3843	Trust: 0.8
url:	http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/collaboration/10-0/assurance/standard/guide/cisco_prime_collaboration_assurance_guide_standard_10/bk_assurance_standard_chapter_010.html	Trust: 0.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-pcp1	Trust: 0.3

sources: VULHUB: VHN-112046 // BID: 96248 // JVNDB: JVNDB-2017-001638 // CNNVD: CNNVD-201702-668 // NVD: CVE-2017-3843

CREDITS

Cisco

Trust: 0.9

sources: BID: 96248 // CNNVD: CNNVD-201702-668

SOURCES

db:	VULHUB	id:	VHN-112046
db:	BID	id:	96248
db:	JVNDB	id:	JVNDB-2017-001638
db:	CNNVD	id:	CNNVD-201702-668
db:	NVD	id:	CVE-2017-3843

LAST UPDATE DATE

2024-11-23T22:38:37.909000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-112046	date:	2017-07-25T00:00:00
db:	BID	id:	96248	date:	2017-03-07T04:03:00
db:	JVNDB	id:	JVNDB-2017-001638	date:	2017-03-10T00:00:00
db:	CNNVD	id:	CNNVD-201702-668	date:	2017-02-21T00:00:00
db:	NVD	id:	CVE-2017-3843	date:	2024-11-21T03:26:13.567

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-112046	date:	2017-02-22T00:00:00
db:	BID	id:	96248	date:	2017-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-001638	date:	2017-03-10T00:00:00
db:	CNNVD	id:	CNNVD-201702-668	date:	2017-02-21T00:00:00
db:	NVD	id:	CVE-2017-3843	date:	2017-02-22T02:59:00.620