Details of VAR-201708-1344

ID

VAR-201708-1344

CVE

CVE-2017-6752

TITLE

Cisco Adaptive Security Appliance Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-006821

DESCRIPTION

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) 9.3(3) and 9.6(2) could allow an unauthenticated, remote attacker to determine valid usernames. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to the interaction between Lightweight Directory Access Protocol (LDAP) and SSL Connection Profile when they are configured together. An attacker could exploit the vulnerability by performing a username enumeration attack to the IP address of the device. An exploit could allow the attacker to determine valid usernames. Cisco Bug IDs: CSCvd47888. Vendors have confirmed this vulnerability Bug ID CSCvd47888 It is released as.Information may be obtained. The appliance also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, anti-spam, and more

Trust: 1.98

sources: NVD: CVE-2017-6752 // JVNDB: JVNDB-2017-006821 // BID: 100113 // VULHUB: VHN-114955

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.2	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3(3)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6(2)	Trust: 0.8
vendor:	cisco	model:	asa series firewalls	scope:	eq	version:	5500-x9.6(2)	Trust: 0.3
vendor:	cisco	model:	asa series firewalls	scope:	eq	version:	5500-x9.3(3)	Trust: 0.3

sources: BID: 100113 // JVNDB: JVNDB-2017-006821 // CNNVD: CNNVD-201708-133 // NVD: CVE-2017-6752

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6752
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6752
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201708-133
value:	HIGH
Trust: 0.6
VULHUB:	VHN-114955
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6752
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-114955
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6752
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-114955 // JVNDB: JVNDB-2017-006821 // CNNVD: CNNVD-201708-133 // NVD: CVE-2017-6752

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-114955 // JVNDB: JVNDB-2017-006821 // NVD: CVE-2017-6752

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-133

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201708-133

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006821

PATCH

title:	CSCvd47888 - Cisco Adaptive Security Appliance Username Enumeration	url:	https://quickview.cloudapps.cisco.com/quickview/bug/CSCvd47888	Trust: 0.8
title:	cisco-sa-20170802-asa2	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-asa2	Trust: 0.8
title:	Cisco Adaptive Security Appliance Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72375	Trust: 0.6

sources: JVNDB: JVNDB-2017-006821 // CNNVD: CNNVD-201708-133

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6752	Trust: 2.8
db:	BID	id:	100113	Trust: 2.0
db:	SECTRACK	id:	1039057	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-006821	Trust: 0.8
db:	CNNVD	id:	CNNVD-201708-133	Trust: 0.7
db:	VULHUB	id:	VHN-114955	Trust: 0.1

sources: VULHUB: VHN-114955 // BID: 100113 // JVNDB: JVNDB-2017-006821 // CNNVD: CNNVD-201708-133 // NVD: CVE-2017-6752

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170802-asa2	Trust: 2.0
url:	http://www.securityfocus.com/bid/100113	Trust: 1.7
url:	https://quickview.cloudapps.cisco.com/quickview/bug/cscvd47888	Trust: 1.7
url:	http://www.securitytracker.com/id/1039057	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6752	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6752	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-114955 // BID: 100113 // JVNDB: JVNDB-2017-006821 // CNNVD: CNNVD-201708-133 // NVD: CVE-2017-6752

CREDITS

Inc.,Kirk Hayes of Rapid7

Trust: 0.6

sources: CNNVD: CNNVD-201708-133

SOURCES

db:	VULHUB	id:	VHN-114955
db:	BID	id:	100113
db:	JVNDB	id:	JVNDB-2017-006821
db:	CNNVD	id:	CNNVD-201708-133
db:	NVD	id:	CVE-2017-6752

LAST UPDATE DATE

2024-11-23T22:34:34.054000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-114955	date:	2019-10-09T00:00:00
db:	BID	id:	100113	date:	2017-08-02T00:00:00
db:	JVNDB	id:	JVNDB-2017-006821	date:	2017-09-05T00:00:00
db:	CNNVD	id:	CNNVD-201708-133	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-6752	date:	2024-11-21T03:30:26.980

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-114955	date:	2017-08-07T00:00:00
db:	BID	id:	100113	date:	2017-08-02T00:00:00
db:	JVNDB	id:	JVNDB-2017-006821	date:	2017-09-05T00:00:00
db:	CNNVD	id:	CNNVD-201708-133	date:	2017-08-04T00:00:00
db:	NVD	id:	CVE-2017-6752	date:	2017-08-07T06:29:00.387