Details of VAR-201704-1331

ID

VAR-201704-1331

CVE

CVE-2017-6616

TITLE

Cisco Integrated Management Controller of Web Base of GUI Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-003237

DESCRIPTION

A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user on the affected system. Cisco Bug IDs: CSCvd14578. Vendors have confirmed this vulnerability Bug ID CSCvd14578 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out

Trust: 1.98

sources: NVD: CVE-2017-6616 // JVNDB: JVNDB-2017-003237 // BID: 97928 // VULHUB: VHN-114819

AFFECTED PRODUCTS

vendor:	cisco	model:	integrated management controller supervisor	scope:	eq	version:	3.0\(1c\)	Trust: 1.6
vendor:	cisco	model:	integrated management controller supervisor	scope:	eq	version:	3.0(1c)	Trust: 0.8
vendor:	cisco	model:	integrated management controller 1.4	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified computing system 3.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	integrated management controller 3.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	2.0(9)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	2.0(8)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	2.0(7)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	2.0(6)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	2.0(5)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	2.0(4)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	2.0(3)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	2.0(2)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	2.0(13)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	2.0(12)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	2.0(11)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	2.0(1)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	1.5(9)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	1.5(8)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	1.5(7)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	1.5(6)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	1.5(5)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	1.5(4)	Trust: 0.3
vendor:	cisco	model:	integrated management controller 1.5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	1.5(1)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	1.4(8)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	1.4(7)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	1.4(6)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	1.4(5)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	1.4(4)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	1.4(2)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	1.4(1)	Trust: 0.3
vendor:	cisco	model:	integrated management controller	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified computing system 3.0	scope:	ne	version:	-	Trust: 0.3

sources: BID: 97928 // JVNDB: JVNDB-2017-003237 // CNNVD: CNNVD-201704-1056 // NVD: CVE-2017-6616

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6616
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6616
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201704-1056
value:	HIGH
Trust: 0.6
VULHUB:	VHN-114819
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-6616
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-114819
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6616
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-114819 // JVNDB: JVNDB-2017-003237 // CNNVD: CNNVD-201704-1056 // NVD: CVE-2017-6616

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-114819 // JVNDB: JVNDB-2017-003237 // NVD: CVE-2017-6616

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1056

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 97928 // CNNVD: CNNVD-201704-1056

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003237

PATCH

title:	cisco-sa-20170419-cimc3	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3	Trust: 0.8
title:	Cisco Integrated Management Controller Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69454	Trust: 0.6

sources: JVNDB: JVNDB-2017-003237 // CNNVD: CNNVD-201704-1056

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6616	Trust: 2.8
db:	BID	id:	97928	Trust: 2.0
db:	JVNDB	id:	JVNDB-2017-003237	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-1056	Trust: 0.7
db:	VULHUB	id:	VHN-114819	Trust: 0.1

sources: VULHUB: VHN-114819 // BID: 97928 // JVNDB: JVNDB-2017-003237 // CNNVD: CNNVD-201704-1056 // NVD: CVE-2017-6616

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170419-cimc3	Trust: 2.0
url:	http://www.securityfocus.com/bid/97928	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6616	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6616	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-114819 // BID: 97928 // JVNDB: JVNDB-2017-003237 // CNNVD: CNNVD-201704-1056 // NVD: CVE-2017-6616

CREDITS

Cisco

Trust: 0.3

sources: BID: 97928

SOURCES

db:	VULHUB	id:	VHN-114819
db:	BID	id:	97928
db:	JVNDB	id:	JVNDB-2017-003237
db:	CNNVD	id:	CNNVD-201704-1056
db:	NVD	id:	CVE-2017-6616

LAST UPDATE DATE

2024-11-23T23:09:04.099000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-114819	date:	2019-10-09T00:00:00
db:	BID	id:	97928	date:	2017-09-25T18:00:00
db:	JVNDB	id:	JVNDB-2017-003237	date:	2017-05-22T00:00:00
db:	CNNVD	id:	CNNVD-201704-1056	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-6616	date:	2024-11-21T03:30:08.060

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-114819	date:	2017-04-20T00:00:00
db:	BID	id:	97928	date:	2017-04-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-003237	date:	2017-05-22T00:00:00
db:	CNNVD	id:	CNNVD-201704-1056	date:	2017-04-21T00:00:00
db:	NVD	id:	CVE-2017-6616	date:	2017-04-20T22:59:00.793