ID

VAR-201703-0888


CVE

CVE-2017-3877


TITLE

Cross-site request forgery vulnerability in the web framework of Cisco Unified Communications Manager

Trust: 0.8

sources: JVNDB: JVNDB-2017-002463

DESCRIPTION

A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. More Information: CSCvb70021. Known Affected Releases: 11.5(1.11007.2). Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected user. Other attacks are also possible. This issue is being tracked by Cisco bug ID CSCvb70021. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.

Trust: 1.98

sources: NVD: CVE-2017-3877 // JVNDB: JVNDB-2017-002463 // BID: 96915 // VULHUB: VHN-112080

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5\(1.11.007.2\)

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5(1.11007.2)

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: eq, version: 0

Trust: 0.3

sources: BID: 96915 // JVNDB: JVNDB-2017-002463 // CNNVD: CNNVD-201703-680 // NVD: CVE-2017-3877

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3877
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3877
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201703-680
value: MEDIUM

Trust: 0.6

VULHUB: VHN-112080
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-3877
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-112080
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3877
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-112080 // JVNDB: JVNDB-2017-002463 // CNNVD: CNNVD-201703-680 // NVD: CVE-2017-3877

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-112080 // JVNDB: JVNDB-2017-002463 // NVD: CVE-2017-3877

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-680

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201703-680

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002463

PATCH

title: cisco-sa-20170315-ucm2, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm2

Trust: 0.8

sources: JVNDB: JVNDB-2017-002463

EXTERNAL IDS

db: NVD, id: CVE-2017-3877

Trust: 2.8

db: BID, id: 96915

Trust: 2.0

db: SECTRACK, id: 1038038

Trust: 1.1

db: JVNDB, id: JVNDB-2017-002463

Trust: 0.8

db: CNNVD, id: CNNVD-201703-680

Trust: 0.7

db: VULHUB, id: VHN-112080

Trust: 0.1

sources: VULHUB: VHN-112080 // BID: 96915 // JVNDB: JVNDB-2017-002463 // CNNVD: CNNVD-201703-680 // NVD: CVE-2017-3877

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170315-ucm2

Trust: 2.0

url:http://www.securityfocus.com/bid/96915

Trust: 1.7

url:http://www.securitytracker.com/id/1038038

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3877

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-3877

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-112080 // BID: 96915 // JVNDB: JVNDB-2017-002463 // CNNVD: CNNVD-201703-680 // NVD: CVE-2017-3877

CREDITS

Cisco

Trust: 0.9

sources: BID: 96915 // CNNVD: CNNVD-201703-680

SOURCES

db: VULHUB, id: VHN-112080
db: BID, id: 96915
db: JVNDB, id: JVNDB-2017-002463
db: CNNVD, id: CNNVD-201703-680
db: NVD, id: CVE-2017-3877

LAST UPDATE DATE

2024-11-23T22:59:20.948000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-112080, date: 2017-07-12T00:00:00
db: BID, id: 96915, date: 2017-03-16T00:03:00
db: JVNDB, id: JVNDB-2017-002463, date: 2017-04-14T00:00:00
db: CNNVD, id: CNNVD-201703-680, date: 2017-03-16T00:00:00
db: NVD, id: CVE-2017-3877, date: 2024-11-21T03:26:17.850

SOURCES RELEASE DATE

db: VULHUB, id: VHN-112080, date: 2017-03-17T00:00:00
db: BID, id: 96915, date: 2017-03-15T00:00:00
db: JVNDB, id: JVNDB-2017-002463, date: 2017-04-14T00:00:00
db: CNNVD, id: CNNVD-201703-680, date: 2017-03-16T00:00:00
db: NVD, id: CVE-2017-3877, date: 2017-03-17T22:59:00.517