Details of VAR-201707-0916

ID

VAR-201707-0916

CVE

CVE-2017-6706

TITLE

Cisco Prime Collaboration Provisioning Vulnerability in collecting important information in tool logging subsystem

Trust: 0.8

sources: JVNDB: JVNDB-2017-005304

DESCRIPTION

A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. More Information: CSCvd07260. Known Affected Releases: 12.1. Vendors have confirmed this vulnerability Bug ID CSCvd07260 It is released as.A local attacker could gain valuable information. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCvd07260. The tool provides IP communications services capabilities for IP telephony, voice mail, and unified communications environments. The logging subsystem is one of the logging subsystems. The vulnerability stems from the fact that the program records sensitive information about user operations

Trust: 1.98

sources: NVD: CVE-2017-6706 // JVNDB: JVNDB-2017-005304 // BID: 99204 // VULHUB: VHN-114909

AFFECTED PRODUCTS

vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	12.1_base	Trust: 1.6
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	11.2_base	Trust: 1.6
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	11.6_base	Trust: 1.6
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	11.5.0	Trust: 1.6
vendor:	cisco	model:	prime collaboration provisioning	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	12.1	Trust: 0.3

sources: BID: 99204 // JVNDB: JVNDB-2017-005304 // CNNVD: CNNVD-201706-1014 // NVD: CVE-2017-6706

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6706
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-6706
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201706-1014
value:	LOW
Trust: 0.6
VULHUB:	VHN-114909
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-6706
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-114909
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6706
baseSeverity:	MEDIUM
baseScore:	5.1
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	2.5
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-114909 // JVNDB: JVNDB-2017-005304 // CNNVD: CNNVD-201706-1014 // NVD: CVE-2017-6706

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-114909 // JVNDB: JVNDB-2017-005304 // NVD: CVE-2017-6706

THREAT TYPE

local

Trust: 0.9

sources: BID: 99204 // CNNVD: CNNVD-201706-1014

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201706-1014

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005304

PATCH

title:	cisco-sa-20170621-pcp4	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp4	Trust: 0.8
title:	Cisco Prime Collaboration Provisioning Tool logging Repair measures for subsystem information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=73833	Trust: 0.6

sources: JVNDB: JVNDB-2017-005304 // CNNVD: CNNVD-201706-1014

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6706	Trust: 2.8
db:	BID	id:	99204	Trust: 2.0
db:	SECTRACK	id:	1038744	Trust: 1.1
db:	JVNDB	id:	JVNDB-2017-005304	Trust: 0.8
db:	CNNVD	id:	CNNVD-201706-1014	Trust: 0.7
db:	NSFOCUS	id:	36965	Trust: 0.6
db:	VULHUB	id:	VHN-114909	Trust: 0.1

sources: VULHUB: VHN-114909 // BID: 99204 // JVNDB: JVNDB-2017-005304 // CNNVD: CNNVD-201706-1014 // NVD: CVE-2017-6706

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170621-pcp4	Trust: 2.0
url:	http://www.securityfocus.com/bid/99204	Trust: 1.7
url:	http://www.securitytracker.com/id/1038744	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6706	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6706	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/36965	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-114909 // BID: 99204 // JVNDB: JVNDB-2017-005304 // CNNVD: CNNVD-201706-1014 // NVD: CVE-2017-6706

CREDITS

Cisco

Trust: 0.9

sources: BID: 99204 // CNNVD: CNNVD-201706-1014

SOURCES

db:	VULHUB	id:	VHN-114909
db:	BID	id:	99204
db:	JVNDB	id:	JVNDB-2017-005304
db:	CNNVD	id:	CNNVD-201706-1014
db:	NVD	id:	CVE-2017-6706

LAST UPDATE DATE

2024-11-23T22:07:18.923000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-114909	date:	2017-07-07T00:00:00
db:	BID	id:	99204	date:	2017-06-21T00:00:00
db:	JVNDB	id:	JVNDB-2017-005304	date:	2017-07-26T00:00:00
db:	CNNVD	id:	CNNVD-201706-1014	date:	2017-09-01T00:00:00
db:	NVD	id:	CVE-2017-6706	date:	2024-11-21T03:30:20.813

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-114909	date:	2017-07-04T00:00:00
db:	BID	id:	99204	date:	2017-06-21T00:00:00
db:	JVNDB	id:	JVNDB-2017-005304	date:	2017-07-26T00:00:00
db:	CNNVD	id:	CNNVD-201706-1014	date:	2017-06-21T00:00:00
db:	NVD	id:	CVE-2017-6706	date:	2017-07-04T00:29:00.493