Sign-up

ID

VAR-201709-1085


CVE

CVE-2017-6793


TITLE

Cisco Prime Collaboration Provisioning Tool Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-007831

DESCRIPTION

A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system. The vulnerability is due to insufficient protection of restricted information. An attacker could exploit this vulnerability by accessing unauthorized information via the user interface. Cisco Bug IDs: CSCvd61932. Vendors have confirmed this vulnerability Bug ID CSCvd61932 It is released as.Information may be obtained. Successful exploits will allow attackers to obtain sensitive information. This may result in further attacks. The tool provides IP communications services capabilities for IP telephony, voice mail, and unified communications environments

Trust: 1.98

sources: NVD: CVE-2017-6793 // JVNDB: JVNDB-2017-007831 // BID: 100937 // VULHUB: VHN-114996

AFFECTED PRODUCTS

vendor:ciscomodel:prime collaboration provisioningscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:prime collaboration provisioningscope: - version: -

Trust: 0.8

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:12.1

Trust: 0.3

sources: BID: 100937 // JVNDB: JVNDB-2017-007831 // CNNVD: CNNVD-201709-216 // NVD: CVE-2017-6793

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6793
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6793
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201709-216
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114996
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6793
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114996
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6793
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114996 // JVNDB: JVNDB-2017-007831 // CNNVD: CNNVD-201709-216 // NVD: CVE-2017-6793

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-114996 // JVNDB: JVNDB-2017-007831 // NVD: CVE-2017-6793

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-216

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201709-216

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-007831

PATCH
title:cisco-sa-20170906-pcpt1url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-pcpt1
Trust: 0.8
title:Cisco Prime Collaboration Provisioning Tool Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74572
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-007831 // 
            
            
            
            CNNVD: CNNVD-201709-216

EXTERNAL IDS
db:NVDid:CVE-2017-6793
Trust: 2.8
db:SECTRACKid:1039280
Trust: 1.7
db:JVNDBid:JVNDB-2017-007831
Trust: 0.8
db:CNNVDid:CNNVD-201709-216
Trust: 0.7
db:BIDid:100937
Trust: 0.4
db:VULHUBid:VHN-114996
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114996 // 
            
            
            
            BID: 100937 // 
            
            
            
            JVNDB: JVNDB-2017-007831 // 
            
            
            
            CNNVD: CNNVD-201709-216 // 
            
            
            
            NVD: CVE-2017-6793

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170906-pcpt1
Trust: 2.0
url:http://www.securitytracker.com/id/1039280
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6793
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6793
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114996 // 
            
            
            
            BID: 100937 // 
            
            
            
            JVNDB: JVNDB-2017-007831 // 
            
            
            
            CNNVD: CNNVD-201709-216 // 
            
            
            
            NVD: CVE-2017-6793

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 100937

SOURCES
db:VULHUBid:VHN-114996
db:BIDid:100937
db:JVNDBid:JVNDB-2017-007831
db:CNNVDid:CNNVD-201709-216
db:NVDid:CVE-2017-6793

LAST UPDATE DATE
2024-11-23T22:48:54.966000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114996date:2019-10-09T00:00:00
db:BIDid:100937date:2017-09-06T00:00:00
db:JVNDBid:JVNDB-2017-007831date:2017-10-03T00:00:00
db:CNNVDid:CNNVD-201709-216date:2019-10-17T00:00:00
db:NVDid:CVE-2017-6793date:2024-11-21T03:30:32.427

SOURCES RELEASE DATE
db:VULHUBid:VHN-114996date:2017-09-07T00:00:00
db:BIDid:100937date:2017-09-06T00:00:00
db:JVNDBid:JVNDB-2017-007831date:2017-10-03T00:00:00
db:CNNVDid:CNNVD-201709-216date:2017-09-12T00:00:00
db:NVDid:CVE-2017-6793date:2017-09-07T21:29:00.880