Details of VAR-201703-0710

ID

VAR-201703-0710

CVE

CVE-2017-3815

TITLE

Cisco TelePresence Server Vulnerability in software emulating the endpoint of the server

Trust: 0.8

sources: JVNDB: JVNDB-2017-002456

DESCRIPTION

An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processors that are running a software release prior to Cisco TelePresence Software Release 4.3 and are running in locally managed mode. The vulnerable API was deprecated in Cisco TelePresence Software Release 4.3. More Information: CSCvc37616. An attacker can exploit this issue to gain elevated privileges on an affected device. This issue is being tracked by Cisco Bug ID CSCvc37616. Mobility Services Engine (MSE) is a set of platforms (mobile service engine) that can provide Wi-Fi services. The platform collects, stores and manages data from wireless clients, Cisco access points and controllers. 8710 Processors is one of those processes

Trust: 1.98

sources: NVD: CVE-2017-3815 // JVNDB: JVNDB-2017-002456 // BID: 96922 // VULHUB: VHN-112018

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence server software	scope:	eq	version:	4.2\(4.17\)	Trust: 1.6
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	4.2\(4.18\)	Trust: 1.6
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	4.2\(4.19\)	Trust: 1.6
vendor:	cisco	model:	telepresence server software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	4.1(1.79)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	2.3(1.55)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	4.2(4.23)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	2.3(1.57)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	3.1(1.82)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	4.2(3.72)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	2.2(1.48)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	2.2(1.54)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	4.0(1.57)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	3.1(1.98)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	2.3(1.58)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	3.0(2.46)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	4.2(4.17)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	2.1(1.37)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	3.1(1.96)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	3.0(2.24)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	3.1(1.97)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	4.2(4.18)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	4.0(2.8)	Trust: 0.3
vendor:	cisco	model:	telepresence server mse	scope:	eq	version:	87100	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	3.0(2.48)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	ne	version:	4.3	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	3.1(1.95)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	4.1(2.29)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	3.1(1.80)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	2.1(1.33)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	4.1(2.33)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	2.2(1.43)	Trust: 0.3
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	3.0(2.49)	Trust: 0.3

sources: BID: 96922 // JVNDB: JVNDB-2017-002456 // CNNVD: CNNVD-201703-850 // NVD: CVE-2017-3815

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3815
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-3815
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201703-850
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-112018
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-3815
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-112018
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3815
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-112018 // JVNDB: JVNDB-2017-002456 // CNNVD: CNNVD-201703-850 // NVD: CVE-2017-3815

PROBLEMTYPE DATA

problemtype:	CWE-319	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-112018 // JVNDB: JVNDB-2017-002456 // NVD: CVE-2017-3815

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-850

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201703-850

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002456

PATCH

title:

cisco-sa-20170315-tps

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tps

Trust: 0.8

sources: JVNDB: JVNDB-2017-002456

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3815	Trust: 2.8
db:	BID	id:	96922	Trust: 2.0
db:	SECTRACK	id:	1038035	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-002456	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-850	Trust: 0.7
db:	VULHUB	id:	VHN-112018	Trust: 0.1

sources: VULHUB: VHN-112018 // BID: 96922 // JVNDB: JVNDB-2017-002456 // CNNVD: CNNVD-201703-850 // NVD: CVE-2017-3815

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170315-tps	Trust: 2.0
url:	http://www.securityfocus.com/bid/96922	Trust: 1.7
url:	http://www.securitytracker.com/id/1038035	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3815	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3815	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-112018 // BID: 96922 // JVNDB: JVNDB-2017-002456 // CNNVD: CNNVD-201703-850 // NVD: CVE-2017-3815

CREDITS

Cisco

Trust: 0.3

sources: BID: 96922

SOURCES

db:	VULHUB	id:	VHN-112018
db:	BID	id:	96922
db:	JVNDB	id:	JVNDB-2017-002456
db:	CNNVD	id:	CNNVD-201703-850
db:	NVD	id:	CVE-2017-3815

LAST UPDATE DATE

2024-11-23T22:38:36.707000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-112018	date:	2019-10-03T00:00:00
db:	BID	id:	96922	date:	2017-03-16T09:28:00
db:	JVNDB	id:	JVNDB-2017-002456	date:	2017-04-14T00:00:00
db:	CNNVD	id:	CNNVD-201703-850	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-3815	date:	2024-11-21T03:26:10.327

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-112018	date:	2017-03-17T00:00:00
db:	BID	id:	96922	date:	2017-03-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-002456	date:	2017-04-14T00:00:00
db:	CNNVD	id:	CNNVD-201703-850	date:	2017-03-22T00:00:00
db:	NVD	id:	CVE-2017-3815	date:	2017-03-17T22:59:00.203