ID

VAR-201703-0882


CVE

CVE-2017-3869


TITLE

Vulnerability in Cisco Prime Infrastructure APIs that allows access to an API that should be restricted to privileged users

Trust: 0.8

sources: JVNDB: JVNDB-2017-002459

DESCRIPTION

An API Credentials Management vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. The attacker needs to have valid credentials. More Information: CSCuy36192. Known Affected Releases: 3.1(1) 3.1(1). Cisco Prime Infrastructure (PI) is a product of Cisco. PI is a solution for wireless management through Cisco Prime Network Management Solution (LMS) and Cisco Prime Network Control System (NCS) technology. A security bypass vulnerability exists in Cisco Prime Infrastructure. A remote attacker could exploit this vulnerability to bypass security restrictions and perform unauthorized operations. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCuy36192. The vulnerability stems from the program's insufficient implementation of role-based access control on APIs.

Trust: 2.52

sources: NVD: CVE-2017-3869 // JVNDB: JVNDB-2017-002459 // CNVD: CNVD-2017-04277 // BID: 96931 // VULHUB: VHN-112072

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-04277

AFFECTED PRODUCTS

vendor: cisco, model: prime infrastructure, scope: eq, version: 3.1(1)

Trust: 1.6

vendor: cisco, model: prime infrastructure, scope: eq, version: 3.1(1)

Trust: 0.8

vendor: cisco, model: prime infrastructure, scope: -, version: -

Trust: 0.6

vendor: cisco, model: prime infrastructure, scope: eq, version: -

Trust: 0.3

sources: CNVD: CNVD-2017-04277 // BID: 96931 // JVNDB: JVNDB-2017-002459 // CNNVD: CNNVD-201703-846 // NVD: CVE-2017-3869

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3869
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3869
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-04277
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201703-846
value: MEDIUM

Trust: 0.6

VULHUB: VHN-112072
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-3869
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-04277
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-112072
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3869
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-04277 // VULHUB: VHN-112072 // JVNDB: JVNDB-2017-002459 // CNNVD: CNNVD-201703-846 // NVD: CVE-2017-3869

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-255

Trust: 0.9

sources: VULHUB: VHN-112072 // JVNDB: JVNDB-2017-002459 // NVD: CVE-2017-3869

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-846

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201703-846

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002459

PATCH

title: cisco-sa-20170315-cpi, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cpi

Trust: 0.8

sources: JVNDB: JVNDB-2017-002459

EXTERNAL IDS

db: NVD, id: CVE-2017-3869

Trust: 3.4

db: BID, id: 96931

Trust: 2.0

db: SECTRACK, id: 1038048

Trust: 1.7

db: JVNDB, id: JVNDB-2017-002459

Trust: 0.8

db: CNNVD, id: CNNVD-201703-846

Trust: 0.7

db: CNVD, id: CNVD-2017-04277

Trust: 0.6

db: VULHUB, id: VHN-112072

Trust: 0.1

sources: CNVD: CNVD-2017-04277 // VULHUB: VHN-112072 // BID: 96931 // JVNDB: JVNDB-2017-002459 // CNNVD: CNNVD-201703-846 // NVD: CVE-2017-3869

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170315-cpi

Trust: 2.6

url: http://www.securityfocus.com/bid/96931

Trust: 1.7

url: http://www.securitytracker.com/id/1038048

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3869

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-3869

Trust: 0.8

url: http://www.cisco.com

Trust: 0.3

sources: CNVD: CNVD-2017-04277 // VULHUB: VHN-112072 // BID: 96931 // JVNDB: JVNDB-2017-002459 // CNNVD: CNNVD-201703-846 // NVD: CVE-2017-3869

CREDITS

Cisco

Trust: 0.3

sources: BID: 96931

SOURCES

db: CNVD, id: CNVD-2017-04277
db: VULHUB, id: VHN-112072
db: BID, id: 96931
db: JVNDB, id: JVNDB-2017-002459
db: CNNVD, id: CNNVD-201703-846
db: NVD, id: CVE-2017-3869

LAST UPDATE DATE

2024-11-23T22:34:40.978000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-04277, date: 2017-04-11T00:00:00
db: VULHUB, id: VHN-112072, date: 2019-10-03T00:00:00
db: BID, id: 96931, date: 2017-03-23T00:01:00
db: JVNDB, id: JVNDB-2017-002459, date: 2017-04-14T00:00:00
db: CNNVD, id: CNNVD-201703-846, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-3869, date: 2024-11-21T03:26:16.903

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-04277, date: 2017-04-11T00:00:00
db: VULHUB, id: VHN-112072, date: 2017-03-17T00:00:00
db: BID, id: 96931, date: 2017-03-15T00:00:00
db: JVNDB, id: JVNDB-2017-002459, date: 2017-04-14T00:00:00
db: CNNVD, id: CNNVD-201703-846, date: 2017-03-21T00:00:00
db: NVD, id: CVE-2017-3869, date: 2017-03-17T22:59:00.313