Sign-up

ID

VAR-201708-1337


CVE

CVE-2017-6783


TITLE

plural Cisco Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-007255

DESCRIPTION

A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance). Vendors have confirmed this vulnerability Bug ID CSCve26106 , CSCve26202 ,and CSCve26224 It is released as.Information may be obtained. Multiple Cisco Products are prone to an information-disclosure vulnerability. SNMP polling is one of the components of network management polling (the way the CPU decides how to provide services to peripheral devices)

Trust: 1.98

sources: NVD: CVE-2017-6783 // JVNDB: JVNDB-2017-007255 // BID: 100387 // VULHUB: VHN-114986

AFFECTED PRODUCTS

vendor:ciscomodel:web security appliancescope:eqversion:10.0.0-230

Trust: 1.9

vendor:ciscomodel:email security appliancescope:eqversion:9.7.2-065

Trust: 1.9

vendor:ciscomodel:content security management appliancescope:eqversion:10.1.0-037

Trust: 1.9

vendor:ciscomodel:e email security the appliancescope: - version: -

Trust: 0.8

vendor:ciscomodel:web security the appliancescope: - version: -

Trust: 0.8

vendor:ciscomodel:content security management appliancescope: - version: -

Trust: 0.8

vendor:ciscomodel:web security appliancescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:email security appliancescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:content security management appliancescope:eqversion:0

Trust: 0.3

sources: BID: 100387 // JVNDB: JVNDB-2017-007255 // CNNVD: CNNVD-201708-793 // NVD: CVE-2017-6783

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6783
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6783
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201708-793
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114986
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6783
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114986
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6783
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114986 // JVNDB: JVNDB-2017-007255 // CNNVD: CNNVD-201708-793 // NVD: CVE-2017-6783

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-114986 // JVNDB: JVNDB-2017-007255 // NVD: CVE-2017-6783

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-793

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201708-793

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-007255

PATCH
title:cisco-sa-20170816-csaurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa
Trust: 0.8
title:Multiple Cisco product SNMP polling Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74110
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-007255 // 
            
            
            
            CNNVD: CNNVD-201708-793

EXTERNAL IDS
db:NVDid:CVE-2017-6783
Trust: 2.8
db:BIDid:100387
Trust: 1.4
db:SECTRACKid:1039187
Trust: 1.1
db:SECTRACKid:1039188
Trust: 1.1
db:SECTRACKid:1039186
Trust: 1.1
db:JVNDBid:JVNDB-2017-007255
Trust: 0.8
db:CNNVDid:CNNVD-201708-793
Trust: 0.7
db:NSFOCUSid:37434
Trust: 0.6
db:VULHUBid:VHN-114986
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114986 // 
            
            
            
            BID: 100387 // 
            
            
            
            JVNDB: JVNDB-2017-007255 // 
            
            
            
            CNNVD: CNNVD-201708-793 // 
            
            
            
            NVD: CVE-2017-6783

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170816-csa
Trust: 2.0
url:http://www.securityfocus.com/bid/100387
Trust: 1.1
url:http://www.securitytracker.com/id/1039186
Trust: 1.1
url:http://www.securitytracker.com/id/1039187
Trust: 1.1
url:http://www.securitytracker.com/id/1039188
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6783
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6783
Trust: 0.8
url:http://www.nsfocus.net/vulndb/37434
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114986 // 
            
            
            
            BID: 100387 // 
            
            
            
            JVNDB: JVNDB-2017-007255 // 
            
            
            
            CNNVD: CNNVD-201708-793 // 
            
            
            
            NVD: CVE-2017-6783

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 100387

SOURCES
db:VULHUBid:VHN-114986
db:BIDid:100387
db:JVNDBid:JVNDB-2017-007255
db:CNNVDid:CNNVD-201708-793
db:NVDid:CVE-2017-6783

LAST UPDATE DATE
2024-11-23T22:22:26.502000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114986date:2017-08-25T00:00:00
db:BIDid:100387date:2017-08-16T00:00:00
db:JVNDBid:JVNDB-2017-007255date:2017-09-14T00:00:00
db:CNNVDid:CNNVD-201708-793date:2017-08-18T00:00:00
db:NVDid:CVE-2017-6783date:2024-11-21T03:30:31.243

SOURCES RELEASE DATE
db:VULHUBid:VHN-114986date:2017-08-17T00:00:00
db:BIDid:100387date:2017-08-16T00:00:00
db:JVNDBid:JVNDB-2017-007255date:2017-09-14T00:00:00
db:CNNVDid:CNNVD-201708-793date:2017-08-18T00:00:00
db:NVDid:CVE-2017-6783date:2017-08-17T20:29:00.793