cvelistv5 - cve-2017-3846

CVE-2017-3846 (GCVE-0-2017-3846)

Vulnerability from cvelistv5 – Published: 2017-03-15 20:00 – Updated: 2024-08-05 14:39

Summary

Severity ?

No CVSS data available.

CWE

CWE-20 - Arbitrary File Read Vulnerability CWE-20

Assigner

cisco

References

URL

Tags

	https://tools.cisco.com/security/center/content/C…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/96910	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1038044	vdb-entryx_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server	Affected: Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:41.254Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes"
          },
          {
            "name": "96910",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96910"
          },
          {
            "name": "1038044",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038044"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server"
            }
          ]
        }
      ],
      "datePublic": "2017-03-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. This vulnerability affects the following products: Cisco Tidal Enterprise Scheduler Client Manager Server releases 6.2.1.435 and later, Cisco Workload Automation Client Manager Server releases 6.3.0.116 and later. Cisco Bug IDs: CSCvc90789."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Arbitrary File Read Vulnerability CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-11T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes"
        },
        {
          "name": "96910",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96910"
        },
        {
          "name": "1038044",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038044"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-3846",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. This vulnerability affects the following products: Cisco Tidal Enterprise Scheduler Client Manager Server releases 6.2.1.435 and later, Cisco Workload Automation Client Manager Server releases 6.3.0.116 and later. Cisco Bug IDs: CSCvc90789."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Arbitrary File Read Vulnerability CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes"
            },
            {
              "name": "96910",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96910"
            },
            {
              "name": "1038044",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038044"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-3846",
    "datePublished": "2017-03-15T20:00:00",
    "dateReserved": "2016-12-21T00:00:00",
    "dateUpdated": "2024-08-05T14:39:41.254Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.2.1.435:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03664F3E-D42C-4437-910A-64D57DFF9664\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.2.1.510:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99AA140E-7F7F-44C2-9241-9ACDF4D75776\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB809B62-B1B5-456F-B841-F4052C4F2B35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.3.0.116:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41E15966-76FE-4E00-A509-248D9D6A3048\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. This vulnerability affects the following products: Cisco Tidal Enterprise Scheduler Client Manager Server releases 6.2.1.435 and later, Cisco Workload Automation Client Manager Server releases 6.3.0.116 and later. Cisco Bug IDs: CSCvc90789.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en el Client Manager Server de Cisco Workload Automation y Cisco Tidal Enterprise Scheduler podr\\u00eda permitir a un atacante remoto no autenticado recuperar cualquier archivo de Client Manager Server. La vulnerabilidad se debe a la insuficiente validaci\\u00f3n de entradas. Un atacante podr\\u00eda explotar esta vulnerabilidad enviando una URL manipulada a Client Manager Server. Un exploit podr\\u00eda permitir al atacante recuperar cualquier archivo de Cisco Workload Automation o Cisco Tidal Enterprise Scheduler Client Manager Server. Esta vulnerabilidad afecta a los siguientes productos: Cisco Tidal Enterprise Scheduler Client Manager Server versi\\u00f3n 6.2.1.435 y versiones posteriores, Cisco Workload Automation Client Manager Server versi\\u00f3n 6.3.0.116 y versiones posteriores. ID de errores de Cisco: CSCvc90789.\"}]",
      "id": "CVE-2017-3846",
      "lastModified": "2024-11-21T03:26:13.937",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N\", \"baseScore\": 8.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-03-15T20:59:00.227",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/96910\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038044\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/96910\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038044\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-3846\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2017-03-15T20:59:00.227\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. This vulnerability affects the following products: Cisco Tidal Enterprise Scheduler Client Manager Server releases 6.2.1.435 and later, Cisco Workload Automation Client Manager Server releases 6.3.0.116 and later. Cisco Bug IDs: CSCvc90789.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el Client Manager Server de Cisco Workload Automation y Cisco Tidal Enterprise Scheduler podr\u00eda permitir a un atacante remoto no autenticado recuperar cualquier archivo de Client Manager Server. La vulnerabilidad se debe a la insuficiente validaci\u00f3n de entradas. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una URL manipulada a Client Manager Server. Un exploit podr\u00eda permitir al atacante recuperar cualquier archivo de Cisco Workload Automation o Cisco Tidal Enterprise Scheduler Client Manager Server. Esta vulnerabilidad afecta a los siguientes productos: Cisco Tidal Enterprise Scheduler Client Manager Server versi\u00f3n 6.2.1.435 y versiones posteriores, Cisco Workload Automation Client Manager Server versi\u00f3n 6.3.0.116 y versiones posteriores. ID de errores de Cisco: CSCvc90789.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.2.1.435:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03664F3E-D42C-4437-910A-64D57DFF9664\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.2.1.510:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99AA140E-7F7F-44C2-9241-9ACDF4D75776\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB809B62-B1B5-456F-B841-F4052C4F2B35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.3.0.116:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41E15966-76FE-4E00-A509-248D9D6A3048\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/96910\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038044\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/96910\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038044\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2017-04110

Vulnerability from cnvd - Published: 2017-04-09

Title

多个Cisco产品任意文件读取漏洞

Description

Cisco Tidal Enterprise Scheduler和Cisco Workload Automation Client Manager Server都是美国思科（Cisco）公司的产品。Cisco Tidal Enterprise Scheduler是一款跨平台的企业工作日程应用软件。多个Cisco产品存在任意文件读取漏洞。远程攻击者可利用此漏洞在受影响程序中运行的用户的上下文中读取任意文件，导致进一步攻击。

Severity

中

Patch Name

多个Cisco产品任意文件读取漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes http://www.securityfocus.com/bid/96910

Impacted products

Name
['Cisco Workload Automation 6.3.0.116', 'Cisco Tidal Enterprise Scheduler 6.2.1.435']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "96910"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3846",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3846"
    }
  },
  "description": "Cisco Tidal Enterprise Scheduler\u548cCisco Workload Automation Client Manager Server\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Tidal Enterprise Scheduler\u662f\u4e00\u6b3e\u8de8\u5e73\u53f0\u7684\u4f01\u4e1a\u5de5\u4f5c\u65e5\u7a0b\u5e94\u7528\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u4e2aCisco\u4ea7\u54c1\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7a0b\u5e8f\u4e2d\u8fd0\u884c\u7684\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\uff0c\u5bfc\u81f4\u8fdb\u4e00\u6b65\u653b\u51fb\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5:\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-04110",
  "openTime": "2017-04-09",
  "patchDescription": "Cisco Tidal Enterprise Scheduler\u548cCisco Workload Automation Client Manager Server\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Tidal Enterprise Scheduler\u662f\u4e00\u6b3e\u8de8\u5e73\u53f0\u7684\u4f01\u4e1a\u5de5\u4f5c\u65e5\u7a0b\u5e94\u7528\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u4e2aCisco\u4ea7\u54c1\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7a0b\u5e8f\u4e2d\u8fd0\u884c\u7684\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\uff0c\u5bfc\u81f4\u8fdb\u4e00\u6b65\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u4e2aCisco\u4ea7\u54c1\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Workload Automation 6.3.0.116",
      "Cisco Tidal Enterprise Scheduler 6.2.1.435"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes\r\nhttp://www.securityfocus.com/bid/96910",
  "serverity": "\u4e2d",
  "submitTime": "2017-03-16",
  "title": "\u591a\u4e2aCisco\u4ea7\u54c1\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e"
}

VAR-201703-0715

Vulnerability from variot - Updated: 2023-12-18 14:05

A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. This vulnerability affects the following products: Cisco Tidal Enterprise Scheduler Client Manager Server releases 6.2.1.435 and later, Cisco Workload Automation Client Manager Server releases 6.3.0.116 and later. Cisco Bug IDs: CSCvc90789. Vendors have confirmed this vulnerability Bug ID CSCvc90789 It is released as.Information may be obtained. Multiple Cisco Products are prone to a security vulnerability that allows remote attackers to read arbitrary files. Successful exploits may allow an attacker to read arbitrary files in the context of the user running the affected application. This may aid in further attacks. TES a set of work automation solutions. The solution simplifies the way enterprise-wide job scheduling and automated business processes are defined, managed and delivered. CWA is a suite of software for optimizing data center workload management.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes"]

-----BEGIN PGP SIGNATURE-----

iQKBBAEBAgBrBQJYyWWrZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlc+Q/+NaDFV8ZqaPeGvBEm 46PrfX/+OeR2y869YrW7TzIayWy7WWGVZTZC/01NQUnS+YZUpqzHaMNpNjgNrudL S6hP4VrFEYWdSMYcqNw4k/S9ZSQPilJdyZ+0Z8CgJR9R0NtaC5m6MUbdqfmdA7+0 JrsHWiyWJV6t4WdxdPf6qOeLHO4lKhpkSIMhwQdhKzF7S9P8qzsKJZAfApArzrsb JpvUMA17gGBNCiEKIBYohxJ8BKKwdFOQb8W5Oh+rnRxktRHd+zsEtHPPg0QYZe49 XO4usDU9PPZCeA5Z25bBucNgIG96yTt4xM6TfZKeG9cqPAM8HbsWrk/coXM2Z5Ts NKPpvE3snKwPdCADb12IF25FCiPCVyZiVhyb76n0ViiGTTu7MxjFJJ7mR5Sp3D1M vOS8Ha21SdW0Phlf3w8S8J73gw7aqd4jU2hghAHkBOqzxvyrjYSsbKbENt0zv9p7 t1F0HwKV8hY+gUiK49+fqaH+Sq8MFVJAdX1LVqa/cyqwZzGO1i5uVHDp6PQ94ZBC XLhTgZnx/kTg6uJshmpd9scKaRB0IvSzPYiWm+C66ss9dIgLJwj8PfXnt5pwnMzb J0aJydejldPn896Y4GG4tBJd+mD4uNImqsLH4iRnB4RXnjOH6sEaf9REammL5C+j weZFM3KTJLnOjdAs2rMOaCfp60s= =HobL -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201703-0715",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tidal enterprise scheduler",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "6.2.1.435"
      },
      {
        "model": "tidal enterprise scheduler",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.3.0"
      },
      {
        "model": "tidal enterprise scheduler",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.3.0.116"
      },
      {
        "model": "tidal enterprise scheduler",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.2.1.510"
      },
      {
        "model": "tidal enterprise scheduler",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workload automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3.0.116"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "96910"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002512"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3846"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-636"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.3.0.116:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.2.1.435:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.2.1.510:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3846"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "96910"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-3846",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-3846",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-112049",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 4.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 8.6,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-3846",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-3846",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201703-636",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-112049",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112049"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002512"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3846"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-636"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. This vulnerability affects the following products: Cisco Tidal Enterprise Scheduler Client Manager Server releases 6.2.1.435 and later, Cisco Workload Automation Client Manager Server releases 6.3.0.116 and later. Cisco Bug IDs: CSCvc90789. Vendors have confirmed this vulnerability Bug ID CSCvc90789 It is released as.Information may be obtained. Multiple Cisco Products are prone to a security vulnerability that allows remote attackers to read arbitrary files. \nSuccessful exploits may allow an attacker to read arbitrary files in the context of the user running the affected application. This may aid in further attacks. TES a set of work automation solutions. The solution simplifies the way enterprise-wide job scheduling and automated business processes are defined, managed and delivered. CWA is a suite of software for optimizing data center workload management. \n\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. \n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes\"]\n\n-----BEGIN PGP SIGNATURE-----\n\niQKBBAEBAgBrBQJYyWWrZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg\nSW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx\nNykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlc+Q/+NaDFV8ZqaPeGvBEm\n46PrfX/+OeR2y869YrW7TzIayWy7WWGVZTZC/01NQUnS+YZUpqzHaMNpNjgNrudL\nS6hP4VrFEYWdSMYcqNw4k/S9ZSQPilJdyZ+0Z8CgJR9R0NtaC5m6MUbdqfmdA7+0\nJrsHWiyWJV6t4WdxdPf6qOeLHO4lKhpkSIMhwQdhKzF7S9P8qzsKJZAfApArzrsb\nJpvUMA17gGBNCiEKIBYohxJ8BKKwdFOQb8W5Oh+rnRxktRHd+zsEtHPPg0QYZe49\nXO4usDU9PPZCeA5Z25bBucNgIG96yTt4xM6TfZKeG9cqPAM8HbsWrk/coXM2Z5Ts\nNKPpvE3snKwPdCADb12IF25FCiPCVyZiVhyb76n0ViiGTTu7MxjFJJ7mR5Sp3D1M\nvOS8Ha21SdW0Phlf3w8S8J73gw7aqd4jU2hghAHkBOqzxvyrjYSsbKbENt0zv9p7\nt1F0HwKV8hY+gUiK49+fqaH+Sq8MFVJAdX1LVqa/cyqwZzGO1i5uVHDp6PQ94ZBC\nXLhTgZnx/kTg6uJshmpd9scKaRB0IvSzPYiWm+C66ss9dIgLJwj8PfXnt5pwnMzb\nJ0aJydejldPn896Y4GG4tBJd+mD4uNImqsLH4iRnB4RXnjOH6sEaf9REammL5C+j\nweZFM3KTJLnOjdAs2rMOaCfp60s=\n=HobL\n-----END PGP SIGNATURE-----\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3846"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002512"
      },
      {
        "db": "BID",
        "id": "96910"
      },
      {
        "db": "VULHUB",
        "id": "VHN-112049"
      },
      {
        "db": "PACKETSTORM",
        "id": "141663"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-112049",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112049"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-3846",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "96910",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1038044",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002512",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-636",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "141663",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-112049",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112049"
      },
      {
        "db": "BID",
        "id": "96910"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002512"
      },
      {
        "db": "PACKETSTORM",
        "id": "141663"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3846"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-636"
      }
    ]
  },
  "id": "VAR-201703-0715",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112049"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T14:05:50.461000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20170315-tes",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170315-tes"
      },
      {
        "title": "Cisco Tidal Enterprise Scheduler  and Workload Automation Enter the fix for the verification vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68497"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002512"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-636"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112049"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002512"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3846"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170315-tes"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/96910"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1038044"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3846"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3846"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170315-tes\"]"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112049"
      },
      {
        "db": "BID",
        "id": "96910"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002512"
      },
      {
        "db": "PACKETSTORM",
        "id": "141663"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3846"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-636"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-112049"
      },
      {
        "db": "BID",
        "id": "96910"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002512"
      },
      {
        "db": "PACKETSTORM",
        "id": "141663"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3846"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-636"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-03-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-112049"
      },
      {
        "date": "2017-03-15T00:00:00",
        "db": "BID",
        "id": "96910"
      },
      {
        "date": "2017-04-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-002512"
      },
      {
        "date": "2017-03-16T00:10:59",
        "db": "PACKETSTORM",
        "id": "141663"
      },
      {
        "date": "2017-03-15T20:59:00.227000",
        "db": "NVD",
        "id": "CVE-2017-3846"
      },
      {
        "date": "2017-03-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-636"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-112049"
      },
      {
        "date": "2017-03-16T00:03:00",
        "db": "BID",
        "id": "96910"
      },
      {
        "date": "2017-04-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-002512"
      },
      {
        "date": "2017-07-12T01:29:15.503000",
        "db": "NVD",
        "id": "CVE-2017-3846"
      },
      {
        "date": "2017-03-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-636"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "141663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-636"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Workload Automation and  Tidal Enterprise Scheduler Vulnerable to incorrect input validation",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002512"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-636"
      }
    ],
    "trust": 0.6
  }
}

GSD-2017-3846

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-3846

Aliases

CVE-2017-3846

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-3846",
    "description": "A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. This vulnerability affects the following products: Cisco Tidal Enterprise Scheduler Client Manager Server releases 6.2.1.435 and later, Cisco Workload Automation Client Manager Server releases 6.3.0.116 and later. Cisco Bug IDs: CSCvc90789.",
    "id": "GSD-2017-3846"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-3846"
      ],
      "details": "A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. This vulnerability affects the following products: Cisco Tidal Enterprise Scheduler Client Manager Server releases 6.2.1.435 and later, Cisco Workload Automation Client Manager Server releases 6.3.0.116 and later. Cisco Bug IDs: CSCvc90789.",
      "id": "GSD-2017-3846",
      "modified": "2023-12-13T01:21:16.808335Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2017-3846",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. This vulnerability affects the following products: Cisco Tidal Enterprise Scheduler Client Manager Server releases 6.2.1.435 and later, Cisco Workload Automation Client Manager Server releases 6.3.0.116 and later. Cisco Bug IDs: CSCvc90789."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Arbitrary File Read Vulnerability CWE-20"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes"
          },
          {
            "name": "96910",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/96910"
          },
          {
            "name": "1038044",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038044"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.3.0.116:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.2.1.435:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.2.1.510:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-3846"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. This vulnerability affects the following products: Cisco Tidal Enterprise Scheduler Client Manager Server releases 6.2.1.435 and later, Cisco Workload Automation Client Manager Server releases 6.3.0.116 and later. Cisco Bug IDs: CSCvc90789."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes"
            },
            {
              "name": "96910",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/96910"
            },
            {
              "name": "1038044",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1038044"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 4.0
        }
      },
      "lastModifiedDate": "2017-07-12T01:29Z",
      "publishedDate": "2017-03-15T20:59Z"
    }
  }
}

FKIE_CVE-2017-3846

Vulnerability from fkie_nvd - Published: 2017-03-15 20:59 - Updated: 2025-04-20 01:37

Severity ?

8.6 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/96910	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1038044
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/96910	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038044
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	tidal_enterprise_scheduler	6.2.1.435
cisco	tidal_enterprise_scheduler	6.2.1.510
cisco	tidal_enterprise_scheduler	6.3.0
cisco	tidal_enterprise_scheduler	6.3.0.116

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.2.1.435:*:*:*:*:*:*:*",
              "matchCriteriaId": "03664F3E-D42C-4437-910A-64D57DFF9664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.2.1.510:*:*:*:*:*:*:*",
              "matchCriteriaId": "99AA140E-7F7F-44C2-9241-9ACDF4D75776",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB809B62-B1B5-456F-B841-F4052C4F2B35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.3.0.116:*:*:*:*:*:*:*",
              "matchCriteriaId": "41E15966-76FE-4E00-A509-248D9D6A3048",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. This vulnerability affects the following products: Cisco Tidal Enterprise Scheduler Client Manager Server releases 6.2.1.435 and later, Cisco Workload Automation Client Manager Server releases 6.3.0.116 and later. Cisco Bug IDs: CSCvc90789."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el Client Manager Server de Cisco Workload Automation y Cisco Tidal Enterprise Scheduler podr\u00eda permitir a un atacante remoto no autenticado recuperar cualquier archivo de Client Manager Server. La vulnerabilidad se debe a la insuficiente validaci\u00f3n de entradas. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una URL manipulada a Client Manager Server. Un exploit podr\u00eda permitir al atacante recuperar cualquier archivo de Cisco Workload Automation o Cisco Tidal Enterprise Scheduler Client Manager Server. Esta vulnerabilidad afecta a los siguientes productos: Cisco Tidal Enterprise Scheduler Client Manager Server versi\u00f3n 6.2.1.435 y versiones posteriores, Cisco Workload Automation Client Manager Server versi\u00f3n 6.3.0.116 y versiones posteriores. ID de errores de Cisco: CSCvc90789."
    }
  ],
  "id": "CVE-2017-3846",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-15T20:59:00.227",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96910"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1038044"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-3CG9-84J6-755P

Vulnerability from github – Published: 2022-05-17 02:30 – Updated: 2022-05-17 02:30

Details

Severity ?

8.6 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-3846"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-15T20:59:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. This vulnerability affects the following products: Cisco Tidal Enterprise Scheduler Client Manager Server releases 6.2.1.435 and later, Cisco Workload Automation Client Manager Server releases 6.3.0.116 and later. Cisco Bug IDs: CSCvc90789.",
  "id": "GHSA-3cg9-84j6-755p",
  "modified": "2022-05-17T02:30:17Z",
  "published": "2022-05-17T02:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3846"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96910"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038044"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2017-AVI-084

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Tidal Enterprise Scheduler Client Manager Server versions 6.2.1.435 et postérieures
Cisco	N/A	Cisco 8500 Series Wireless Controller
Cisco	N/A	Cisco Flex 7500 Series Wireless Controller
Cisco	N/A	Cisco Virtual Wireless Controller
Cisco	N/A	Cisco Mobility Express 1800 Series Access Points avec une version logicielle antérieure à 8.2.110.0
Cisco	N/A	Cisco Virtualized Packet Core avec StarOS versions antérieures à N 4.2.7 (19.3.v7) et N4.7 (20.2.v0) avec SSH
Cisco	N/A	Wireless Services Module 2 (WiSM2)
Cisco	N/A	Cisco ASR 5000/5500/5700 Series avec StarOS versions postérieures à 17.7.0 et antérieures à 18.7.4, 19.5, ou 20.2.3 avec SSH
Cisco	N/A	Cisco 5500 Series Wireless Controller
Cisco	N/A	Cisco Workload Automation Client Manager Server versions 6.3.0.116 et postérieures
Cisco	N/A	Cisco 2500 Series Wireless Controller

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20170315-ap1800 du 15 mars 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170315-tes du 15 mars 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170315-wlc-mesh du 15 mars 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170315-asr du 15 mars 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170315-asr du 15 mars 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170315-tes du 15 mars 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170315-wlc-mesh du 15 mars 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170315-ap1800 du 15 mars 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Tidal Enterprise Scheduler Client Manager Server versions 6.2.1.435 et post\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 8500 Series Wireless Controller",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Flex 7500 Series Wireless Controller",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Virtual Wireless Controller",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Mobility Express 1800 Series Access Points avec une version logicielle ant\u00e9rieure \u00e0 8.2.110.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Virtualized Packet Core avec StarOS versions ant\u00e9rieures \u00e0 N 4.2.7 (19.3.v7) et N4.7 (20.2.v0) avec SSH",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Wireless Services Module 2 (WiSM2)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASR 5000/5500/5700 Series avec StarOS versions post\u00e9rieures \u00e0 17.7.0 et ant\u00e9rieures \u00e0 18.7.4, 19.5, ou 20.2.3 avec SSH",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 5500 Series Wireless Controller",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Workload Automation Client Manager Server versions 6.3.0.116 et post\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 2500 Series Wireless Controller",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-3831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3831"
    },
    {
      "name": "CVE-2017-3819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3819"
    },
    {
      "name": "CVE-2017-3846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3846"
    },
    {
      "name": "CVE-2017-3854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3854"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-asr du 15 mars    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-tes du 15 mars    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-wlc-mesh du 15    mars 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wlc-mesh"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-ap1800 du 15    mars 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800"
    }
  ],
  "reference": "CERTFR-2017-AVI-084",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-03-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-ap1800 du 15 mars 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-tes du 15 mars 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-wlc-mesh du 15 mars 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-asr du 15 mars 2017",
      "url": null
    }
  ]
}

CERTFR-2017-AVI-084

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Tidal Enterprise Scheduler Client Manager Server versions 6.2.1.435 et postérieures
Cisco	N/A	Cisco 8500 Series Wireless Controller
Cisco	N/A	Cisco Flex 7500 Series Wireless Controller
Cisco	N/A	Cisco Virtual Wireless Controller
Cisco	N/A	Cisco Mobility Express 1800 Series Access Points avec une version logicielle antérieure à 8.2.110.0
Cisco	N/A	Cisco Virtualized Packet Core avec StarOS versions antérieures à N 4.2.7 (19.3.v7) et N4.7 (20.2.v0) avec SSH
Cisco	N/A	Wireless Services Module 2 (WiSM2)
Cisco	N/A	Cisco ASR 5000/5500/5700 Series avec StarOS versions postérieures à 17.7.0 et antérieures à 18.7.4, 19.5, ou 20.2.3 avec SSH
Cisco	N/A	Cisco 5500 Series Wireless Controller
Cisco	N/A	Cisco Workload Automation Client Manager Server versions 6.3.0.116 et postérieures
Cisco	N/A	Cisco 2500 Series Wireless Controller

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20170315-ap1800 du 15 mars 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170315-tes du 15 mars 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170315-wlc-mesh du 15 mars 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170315-asr du 15 mars 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170315-asr du 15 mars 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170315-tes du 15 mars 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170315-wlc-mesh du 15 mars 2017	-	other
Bulletin de sécurité Cisco cisco-sa-20170315-ap1800 du 15 mars 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Tidal Enterprise Scheduler Client Manager Server versions 6.2.1.435 et post\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 8500 Series Wireless Controller",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Flex 7500 Series Wireless Controller",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Virtual Wireless Controller",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Mobility Express 1800 Series Access Points avec une version logicielle ant\u00e9rieure \u00e0 8.2.110.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Virtualized Packet Core avec StarOS versions ant\u00e9rieures \u00e0 N 4.2.7 (19.3.v7) et N4.7 (20.2.v0) avec SSH",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Wireless Services Module 2 (WiSM2)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASR 5000/5500/5700 Series avec StarOS versions post\u00e9rieures \u00e0 17.7.0 et ant\u00e9rieures \u00e0 18.7.4, 19.5, ou 20.2.3 avec SSH",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 5500 Series Wireless Controller",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Workload Automation Client Manager Server versions 6.3.0.116 et post\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 2500 Series Wireless Controller",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-3831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3831"
    },
    {
      "name": "CVE-2017-3819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3819"
    },
    {
      "name": "CVE-2017-3846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3846"
    },
    {
      "name": "CVE-2017-3854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3854"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-asr du 15 mars    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-tes du 15 mars    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-wlc-mesh du 15    mars 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wlc-mesh"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-ap1800 du 15    mars 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800"
    }
  ],
  "reference": "CERTFR-2017-AVI-084",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-03-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-ap1800 du 15 mars 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-tes du 15 mars 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-wlc-mesh du 15 mars 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-asr du 15 mars 2017",
      "url": null
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-3846 (GCVE-0-2017-3846)

CNVD-2017-04110

VAR-201703-0715

GSD-2017-3846

FKIE_CVE-2017-3846

GHSA-3CG9-84J6-755P

CERTFR-2017-AVI-084

Solution

CERTFR-2017-AVI-084

Solution

Tags

Sightings

Nomenclature