Details of VAR-201706-0588

ID

VAR-201706-0588

CVE

CVE-2017-6673

TITLE

Cisco FirePOWER Management Center Vulnerability in obtaining user information

Trust: 0.8

sources: JVNDB: JVNDB-2017-004811

DESCRIPTION

A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. An attacker could use this information to perform reconnaissance. More Information: CSCvc10894. Known Affected Releases: 6.1.0.2 6.2.0. Known Fixed Releases: 6.2.0. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCvc10894. An attacker could exploit this vulnerability to retrieve user log files

Trust: 1.98

sources: NVD: CVE-2017-6673 // JVNDB: JVNDB-2017-004811 // BID: 98957 // VULHUB: VHN-114876

AFFECTED PRODUCTS

vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	6.1.0.2	Trust: 1.0
vendor:	cisco	model:	secure firewall management center	scope:	eq	version:	6.2.0	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.1.0.2	Trust: 0.9
vendor:	cisco	model:	firepower management center	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.0	Trust: 0.6
vendor:	cisco	model:	firepower management center	scope:	eq	version:	0	Trust: 0.3

sources: BID: 98957 // JVNDB: JVNDB-2017-004811 // CNNVD: CNNVD-201706-464 // NVD: CVE-2017-6673

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6673
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-6673
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201706-464
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-114876
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6673
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-114876
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6673
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-114876 // JVNDB: JVNDB-2017-004811 // CNNVD: CNNVD-201706-464 // NVD: CVE-2017-6673

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-114876 // JVNDB: JVNDB-2017-004811 // NVD: CVE-2017-6673

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-464

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201706-464

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004811

PATCH

title:	cisco-sa-20170607-fmc	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-fmc	Trust: 0.8
title:	Cisco Firepower Management Center Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70891	Trust: 0.6

sources: JVNDB: JVNDB-2017-004811 // CNNVD: CNNVD-201706-464

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6673	Trust: 2.8
db:	JVNDB	id:	JVNDB-2017-004811	Trust: 0.8
db:	CNNVD	id:	CNNVD-201706-464	Trust: 0.7
db:	BID	id:	98957	Trust: 0.4
db:	VULHUB	id:	VHN-114876	Trust: 0.1

sources: VULHUB: VHN-114876 // BID: 98957 // JVNDB: JVNDB-2017-004811 // CNNVD: CNNVD-201706-464 // NVD: CVE-2017-6673

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-fmc	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6673	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6673	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-114876 // BID: 98957 // JVNDB: JVNDB-2017-004811 // CNNVD: CNNVD-201706-464 // NVD: CVE-2017-6673

CREDITS

Cisco

Trust: 0.3

sources: BID: 98957

SOURCES

db:	VULHUB	id:	VHN-114876
db:	BID	id:	98957
db:	JVNDB	id:	JVNDB-2017-004811
db:	CNNVD	id:	CNNVD-201706-464
db:	NVD	id:	CVE-2017-6673

LAST UPDATE DATE

2024-11-27T22:57:45.855000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-114876	date:	2017-06-20T00:00:00
db:	BID	id:	98957	date:	2017-06-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-004811	date:	2017-07-07T00:00:00
db:	CNNVD	id:	CNNVD-201706-464	date:	2017-06-15T00:00:00
db:	NVD	id:	CVE-2017-6673	date:	2024-11-26T16:09:02.407

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-114876	date:	2017-06-13T00:00:00
db:	BID	id:	98957	date:	2017-06-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-004811	date:	2017-07-07T00:00:00
db:	CNNVD	id:	CNNVD-201706-464	date:	2017-06-15T00:00:00
db:	NVD	id:	CVE-2017-6673	date:	2017-06-13T06:29:01.127