Details of VAR-201704-0645

ID

VAR-201704-0645

CVE

CVE-2017-3817

TITLE

Cisco Unified Computing System Director Vulnerability in which unauthorized information is displayed in the role-based resource check function

Trust: 0.8

sources: JVNDB: JVNDB-2017-002910

DESCRIPTION

A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. More Information: CSCvc32434. Known Affected Releases: 5.5(0.1) 6.0(0.0). Successful exploits will allow attackers to obtain sensitive information. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCvc32434. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology. The vulnerability is caused by the program not checking role-based users correctly

Trust: 2.07

sources: NVD: CVE-2017-3817 // JVNDB: JVNDB-2017-002910 // BID: 97430 // VULHUB: VHN-112020 // VULMON: CVE-2017-3817

AFFECTED PRODUCTS

vendor:	cisco	model:	unified computing system director	scope:	eq	version:	6.0.0.0	Trust: 1.6
vendor:	cisco	model:	unified computing system director	scope:	eq	version:	5.5.0.1	Trust: 1.6
vendor:	cisco	model:	unified computing system director	scope:	eq	version:	5.5(0.1)	Trust: 0.8
vendor:	cisco	model:	unified computing system director	scope:	eq	version:	6.0(0.0)	Trust: 0.8
vendor:	cisco	model:	unified computing system director	scope:	eq	version:	0	Trust: 0.3

sources: BID: 97430 // JVNDB: JVNDB-2017-002910 // CNNVD: CNNVD-201704-440 // NVD: CVE-2017-3817

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3817
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-3817
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201704-440
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-112020
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-3817
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-3817
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-112020
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3817
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-112020 // VULMON: CVE-2017-3817 // JVNDB: JVNDB-2017-002910 // CNNVD: CNNVD-201704-440 // NVD: CVE-2017-3817

PROBLEMTYPE DATA

problemtype:	CWE-863	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-112020 // JVNDB: JVNDB-2017-002910 // NVD: CVE-2017-3817

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-440

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201704-440

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002910

PATCH

title:	cisco-sa-20170405-ucs-director	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs-director	Trust: 0.8
title:	Cisco Unified Computing System Director Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74785	Trust: 0.6

sources: JVNDB: JVNDB-2017-002910 // CNNVD: CNNVD-201704-440

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3817	Trust: 2.9
db:	BID	id:	97430	Trust: 2.1
db:	SECTRACK	id:	1038194	Trust: 1.8
db:	JVNDB	id:	JVNDB-2017-002910	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-440	Trust: 0.7
db:	VULHUB	id:	VHN-112020	Trust: 0.1
db:	VULMON	id:	CVE-2017-3817	Trust: 0.1

sources: VULHUB: VHN-112020 // VULMON: CVE-2017-3817 // BID: 97430 // JVNDB: JVNDB-2017-002910 // CNNVD: CNNVD-201704-440 // NVD: CVE-2017-3817

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170405-ucs-director	Trust: 2.1
url:	http://www.securityfocus.com/bid/97430	Trust: 1.9
url:	http://www.securitytracker.com/id/1038194	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3817	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3817	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/863.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-112020 // VULMON: CVE-2017-3817 // BID: 97430 // JVNDB: JVNDB-2017-002910 // CNNVD: CNNVD-201704-440 // NVD: CVE-2017-3817

CREDITS

Cisco

Trust: 0.3

sources: BID: 97430

SOURCES

db:	VULHUB	id:	VHN-112020
db:	VULMON	id:	CVE-2017-3817
db:	BID	id:	97430
db:	JVNDB	id:	JVNDB-2017-002910
db:	CNNVD	id:	CNNVD-201704-440
db:	NVD	id:	CVE-2017-3817

LAST UPDATE DATE

2024-11-23T21:41:29.386000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-112020	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2017-3817	date:	2019-10-03T00:00:00
db:	BID	id:	97430	date:	2017-04-11T00:03:00
db:	JVNDB	id:	JVNDB-2017-002910	date:	2017-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201704-440	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-3817	date:	2024-11-21T03:26:10.440

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-112020	date:	2017-04-07T00:00:00
db:	VULMON	id:	CVE-2017-3817	date:	2017-04-07T00:00:00
db:	BID	id:	97430	date:	2017-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2017-002910	date:	2017-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201704-440	date:	2017-04-07T00:00:00
db:	NVD	id:	CVE-2017-3817	date:	2017-04-07T17:59:00.293