CVE-2017-3871 - OpenCVE

A RADIUS Secret Disclosure vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device. The attacker must have valid credentials for the device. More Information: CSCvc65257. Known Affected Releases: 10.6(0.1).

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Prime Optical

Configuration 1 [-]

cpe:2.3:a:cisco:prime_optical:10.6\(0.1\):*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/96928
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cpo

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2017-03-17T22:00:00

Updated: 2024-08-05T14:39:41.178Z

Reserved: 2016-12-21T00:00:00

Link: CVE-2017-3871

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-03-17T22:59:00.377

Modified: 2017-03-21T17:53:29.570

Link: CVE-2017-3871

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco Prime Optical for Service Providers", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Prime Optical for Service Providers"}]}], "datePublic": "2017-03-17T00:00:00", "descriptions": [{"lang": "en", "value": "A RADIUS Secret Disclosure vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device. The attacker must have valid credentials for the device. More Information: CSCvc65257. Known Affected Releases: 10.6(0.1)."}], "problemTypes": [{"descriptions": [{"description": "RADIUS Secret Disclosure Vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-03-20T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "96928", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96928"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cpo"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-3871", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Prime Optical for Service Providers", "version": {"version_data": [{"version_value": "Cisco Prime Optical for Service Providers"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A RADIUS Secret Disclosure vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device. The attacker must have valid credentials for the device. More Information: CSCvc65257. Known Affected Releases: 10.6(0.1)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "RADIUS Secret Disclosure Vulnerability"}]}]}, "references": {"reference_data": [{"name": "96928", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96928"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cpo", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cpo"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:39:41.178Z"}, "title": "CVE Program Container", "references": [{"name": "96928", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/96928"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cpo"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-3871", "datePublished": "2017-03-17T22:00:00", "dateReserved": "2016-12-21T00:00:00", "dateUpdated": "2024-08-05T14:39:41.178Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:prime_optical:10.6\\(0.1\\):*:*:*:*:*:*:*", "matchCriteriaId": "CEACC2B8-15CC-4418-AFB3-5B3FDDF8B6FE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A RADIUS Secret Disclosure vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device. The attacker must have valid credentials for the device. More Information: CSCvc65257. Known Affected Releases: 10.6(0.1)."}, {"lang": "es", "value": "Una vulnerabilidad de divulgaci\u00f3n secreta de RADIUS en la interfaz de administraci\u00f3n de red web de Cisco Prime Optical Communications Manager podr\u00eda permitir a un atacante remoto autenticado revelar informaci\u00f3n sensible en la configuraci\u00f3n generada para un dispositivo. El atacante debe tener credenciales v\u00e1lidas para el dispositivo. M\u00e1s informaci\u00f3n: CSCvc65257. Lanzamientos afectados conocidos: 10,6 (0,1)."}], "id": "CVE-2017-3871", "lastModified": "2017-03-21T17:53:29.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-17T22:59:00.377", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96928"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cpo"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}