Details of VAR-201711-0349

ID

VAR-201711-0349

CVE

CVE-2017-12354

TITLE

Cisco Secure Access Control System Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-010455

DESCRIPTION

A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect system software version information when the software responds to HTTP requests that are sent to the web-based interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based interface of the affected software. A successful exploit could allow the attacker to view sensitive information about the software, which the attacker could use to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvf66155. Vendors have confirmed this vulnerability Bug ID CSCvf66155 It is released as.Information may be obtained. This may result in further attacks. The system can respectively control network access and network device access through RADIUS and TACACS protocols

Trust: 1.98

sources: NVD: CVE-2017-12354 // JVNDB: JVNDB-2017-010455 // BID: 101986 // VULHUB: VHN-102868

AFFECTED PRODUCTS

vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.8\(0.32\)	Trust: 1.6
vendor:	cisco	model:	secure access control system software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	secure access control system	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	secure access control server solution engine	scope:	eq	version:	5.8(0.32)	Trust: 0.3

sources: BID: 101986 // JVNDB: JVNDB-2017-010455 // CNNVD: CNNVD-201711-1212 // NVD: CVE-2017-12354

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12354
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-12354
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201711-1212
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-102868
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-12354
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-102868
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12354
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-102868 // JVNDB: JVNDB-2017-010455 // CNNVD: CNNVD-201711-1212 // NVD: CVE-2017-12354

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-102868 // JVNDB: JVNDB-2017-010455 // NVD: CVE-2017-12354

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-1212

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201711-1212

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010455

PATCH

title:	cisco-sa-20171129-acs	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-acs	Trust: 0.8
title:	Cisco Secure Access Control System Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76831	Trust: 0.6

sources: JVNDB: JVNDB-2017-010455 // CNNVD: CNNVD-201711-1212

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12354	Trust: 2.8
db:	BID	id:	101986	Trust: 2.0
db:	SECTRACK	id:	1039923	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-010455	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-1212	Trust: 0.7
db:	VULHUB	id:	VHN-102868	Trust: 0.1

sources: VULHUB: VHN-102868 // BID: 101986 // JVNDB: JVNDB-2017-010455 // CNNVD: CNNVD-201711-1212 // NVD: CVE-2017-12354

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-acs	Trust: 2.0
url:	http://www.securityfocus.com/bid/101986	Trust: 1.7
url:	http://www.securitytracker.com/id/1039923	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12354	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12354	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-102868 // BID: 101986 // JVNDB: JVNDB-2017-010455 // CNNVD: CNNVD-201711-1212 // NVD: CVE-2017-12354

CREDITS

Cisco

Trust: 0.3

sources: BID: 101986

SOURCES

db:	VULHUB	id:	VHN-102868
db:	BID	id:	101986
db:	JVNDB	id:	JVNDB-2017-010455
db:	CNNVD	id:	CNNVD-201711-1212
db:	NVD	id:	CVE-2017-12354

LAST UPDATE DATE

2024-11-23T21:40:11.002000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-102868	date:	2019-10-09T00:00:00
db:	BID	id:	101986	date:	2017-12-19T22:01:00
db:	JVNDB	id:	JVNDB-2017-010455	date:	2017-12-14T00:00:00
db:	CNNVD	id:	CNNVD-201711-1212	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12354	date:	2024-11-21T03:09:22.103

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-102868	date:	2017-11-30T00:00:00
db:	BID	id:	101986	date:	2017-11-29T00:00:00
db:	JVNDB	id:	JVNDB-2017-010455	date:	2017-12-14T00:00:00
db:	CNNVD	id:	CNNVD-201711-1212	date:	2017-12-01T00:00:00
db:	NVD	id:	CVE-2017-12354	date:	2017-11-30T09:29:01.103