cvelistv5 - cve-2017-6783

CVE-2017-6783 (GCVE-0-2017-6783)

Vulnerability from cvelistv5 – Published: 2017-08-17 20:00 – Updated: 2024-09-16 19:14

Summary

A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance).

Severity ?

No CVSS data available.

CWE

Information Disclosure

Assigner

cisco

References

URL

Tags

	http://www.securitytracker.com/id/1039187	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/100387	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1039186	vdb-entryx_refsource_SECTRACK
	https://tools.cisco.com/security/center/content/C…	vendor-advisoryx_refsource_CISCO
	http://www.securitytracker.com/id/1039188	vdb-entryx_refsource_SECTRACK

Impacted products

Vendor

Product

Version

Cisco Systems, Inc.

Web Security Appliance (WSA)

Affected: 10.0.0-230

	Cisco Systems, Inc.	Email Security Appliance (ESA)	Affected: 9.7.2-065
	Cisco Systems, Inc.	Content Security Management Appliance (SMA)	Affected: 10.1.0-037

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.252Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039187",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039187"
          },
          {
            "name": "100387",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100387"
          },
          {
            "name": "1039186",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039186"
          },
          {
            "name": "20170816 Cisco Security Appliances SNMP Polling Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa"
          },
          {
            "name": "1039188",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039188"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Web Security Appliance (WSA)",
          "vendor": "Cisco Systems, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0-230"
            }
          ]
        },
        {
          "product": "Email Security Appliance (ESA)",
          "vendor": "Cisco Systems, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9.7.2-065"
            }
          ]
        },
        {
          "product": "Content Security Management Appliance (SMA)",
          "vendor": "Cisco Systems, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.1.0-037"
            }
          ]
        }
      ],
      "datePublic": "2017-08-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-18T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1039187",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039187"
        },
        {
          "name": "100387",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100387"
        },
        {
          "name": "1039186",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039186"
        },
        {
          "name": "20170816 Cisco Security Appliances SNMP Polling Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa"
        },
        {
          "name": "1039188",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039188"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2017-08-16T00:00:00",
          "ID": "CVE-2017-6783",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Web Security Appliance (WSA)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0-230"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Email Security Appliance (ESA)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.7.2-065"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Content Security Management Appliance (SMA)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.1.0-037"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco Systems, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039187",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039187"
            },
            {
              "name": "100387",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100387"
            },
            {
              "name": "1039186",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039186"
            },
            {
              "name": "20170816 Cisco Security Appliances SNMP Polling Information Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa"
            },
            {
              "name": "1039188",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039188"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6783",
    "datePublished": "2017-08-17T20:00:00Z",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-09-16T19:14:34.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:content_security_management_appliance:10.1.0-037:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E58F8B5-7DC9-4089-AF25-DBA31AB9F1F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:email_security_appliance:9.7.2-065:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36E7EE7B-4363-47BB-A7FF-9347D65DBEBB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:10.0.0-230:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"29EDE2F2-2EBE-41DF-A373-04E4FB7EDBD6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance).\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en el sondeo SNMP para Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), y Content Security Management Appliance (SMA) podr\\u00eda permitir que un atacante remoto autenticado descubriese informaci\\u00f3n confidencial sobre los aparatos que solo deber\\u00eda estar disponible para un usuario administrador. La vulnerabilidad ocurre porque los aparatos no protegen la informaci\\u00f3n confidencial en reposo en respuesta a las peticiones de sondeo Simple Network Management Protocol (SNMP). Un atacante podr\\u00eda explotar esta vulnerabilidad haciendo una petici\\u00f3n de sondeo SNMP manipulada al aparato de seguridad objetivo. Un exploit podr\\u00eda permitir que el atacante descubra informaci\\u00f3n confidencial que deber\\u00eda estar restringida. El atacante podr\\u00eda utilizar esta informaci\\u00f3n para llevar a cabo reconocimientos adicionales. Para explotar esta vulnerabilidad, el atacante debe conocer la cadena de comunidad SNMP configurada. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Versiones afectadas conocidas: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), y 10.1.0-037 (Content Security Management Appliance).\"}]",
      "id": "CVE-2017-6783",
      "lastModified": "2024-11-21T03:30:31.243",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-08-17T20:29:00.793",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/100387\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039186\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039187\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039188\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/100387\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039186\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039187\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039188\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-6783\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2017-08-17T20:29:00.793\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance).\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el sondeo SNMP para Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), y Content Security Management Appliance (SMA) podr\u00eda permitir que un atacante remoto autenticado descubriese informaci\u00f3n confidencial sobre los aparatos que solo deber\u00eda estar disponible para un usuario administrador. La vulnerabilidad ocurre porque los aparatos no protegen la informaci\u00f3n confidencial en reposo en respuesta a las peticiones de sondeo Simple Network Management Protocol (SNMP). Un atacante podr\u00eda explotar esta vulnerabilidad haciendo una petici\u00f3n de sondeo SNMP manipulada al aparato de seguridad objetivo. Un exploit podr\u00eda permitir que el atacante descubra informaci\u00f3n confidencial que deber\u00eda estar restringida. El atacante podr\u00eda utilizar esta informaci\u00f3n para llevar a cabo reconocimientos adicionales. Para explotar esta vulnerabilidad, el atacante debe conocer la cadena de comunidad SNMP configurada. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Versiones afectadas conocidas: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), y 10.1.0-037 (Content Security Management Appliance).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:content_security_management_appliance:10.1.0-037:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E58F8B5-7DC9-4089-AF25-DBA31AB9F1F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:email_security_appliance:9.7.2-065:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36E7EE7B-4363-47BB-A7FF-9347D65DBEBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:10.0.0-230:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29EDE2F2-2EBE-41DF-A373-04E4FB7EDBD6\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/100387\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039186\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039187\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039188\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/100387\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039186\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039187\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039188\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2017-6783

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-6783

Aliases

CVE-2017-6783

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6783",
    "description": "A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance).",
    "id": "GSD-2017-6783"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6783"
      ],
      "details": "A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance).",
      "id": "GSD-2017-6783",
      "modified": "2023-12-13T01:21:10.068872Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2017-08-16T00:00:00",
        "ID": "CVE-2017-6783",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Web Security Appliance (WSA)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "10.0.0-230"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Email Security Appliance (ESA)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "9.7.2-065"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Content Security Management Appliance (SMA)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "10.1.0-037"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco Systems, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1039187",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1039187"
          },
          {
            "name": "100387",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/100387"
          },
          {
            "name": "1039186",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1039186"
          },
          {
            "name": "20170816 Cisco Security Appliances SNMP Polling Information Disclosure Vulnerability",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa"
          },
          {
            "name": "1039188",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1039188"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.0.0-230:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:content_security_management_appliance:10.1.0-037:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.7.2-065:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6783"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20170816 Cisco Security Appliances SNMP Polling Information Disclosure Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa"
            },
            {
              "name": "1039188",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1039188"
            },
            {
              "name": "1039187",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1039187"
            },
            {
              "name": "1039186",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1039186"
            },
            {
              "name": "100387",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/100387"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2017-08-25T10:50Z",
      "publishedDate": "2017-08-17T20:29Z"
    }
  }
}

CNVD-2017-22160

Vulnerability from cnvd - Published: 2017-08-21

Title

多款Cisco产品SNMP polling信息泄露漏洞

Description

Cisco Web Security Appliance（WSA）、Email Security Appliance（ESA）和Content Security Management Appliance（SMA）都是美国思科（Cisco）公司的产品。Cisco WSA是一套Web安全设备。ESA是一套电子邮件安全设备。Content SMA是一套内容安全管理设备。SNMP polling是其中的一个网络管理轮询（CPU决策如何提供周边设备服务的方式）组件。多款Cisco产品中的SNMP polling存在信息泄露漏洞。远程攻击者可通过发送特制的SNMP轮询请求利用该漏洞获取证书信息。

Severity

中

Patch Name

多款Cisco产品SNMP polling信息泄露漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-6783

Impacted products

Name
['Cisco Web Security Appliance (WSA) 10.0.0-230', 'Cisco Email Security Appliance (ESA) 9.7.2-065', 'Cisco Content Security Management Appliance (SMA) 10.1.0-037']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6783"
    }
  },
  "description": "Cisco Web Security Appliance\uff08WSA\uff09\u3001Email Security Appliance\uff08ESA\uff09\u548cContent Security Management Appliance\uff08SMA\uff09\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco WSA\u662f\u4e00\u5957Web\u5b89\u5168\u8bbe\u5907\u3002ESA\u662f\u4e00\u5957\u7535\u5b50\u90ae\u4ef6\u5b89\u5168\u8bbe\u5907\u3002Content SMA\u662f\u4e00\u5957\u5185\u5bb9\u5b89\u5168\u7ba1\u7406\u8bbe\u5907\u3002SNMP polling\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7f51\u7edc\u7ba1\u7406\u8f6e\u8be2\uff08CPU\u51b3\u7b56\u5982\u4f55\u63d0\u4f9b\u5468\u8fb9\u8bbe\u5907\u670d\u52a1\u7684\u65b9\u5f0f\uff09\u7ec4\u4ef6\u3002\r\n\r\n\u591a\u6b3eCisco\u4ea7\u54c1\u4e2d\u7684SNMP polling\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684SNMP\u8f6e\u8be2\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u8bc1\u4e66\u4fe1\u606f\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-22160",
  "openTime": "2017-08-21",
  "patchDescription": "Cisco Web Security Appliance\uff08WSA\uff09\u3001Email Security Appliance\uff08ESA\uff09\u548cContent Security Management Appliance\uff08SMA\uff09\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco WSA\u662f\u4e00\u5957Web\u5b89\u5168\u8bbe\u5907\u3002ESA\u662f\u4e00\u5957\u7535\u5b50\u90ae\u4ef6\u5b89\u5168\u8bbe\u5907\u3002Content SMA\u662f\u4e00\u5957\u5185\u5bb9\u5b89\u5168\u7ba1\u7406\u8bbe\u5907\u3002SNMP polling\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7f51\u7edc\u7ba1\u7406\u8f6e\u8be2\uff08CPU\u51b3\u7b56\u5982\u4f55\u63d0\u4f9b\u5468\u8fb9\u8bbe\u5907\u670d\u52a1\u7684\u65b9\u5f0f\uff09\u7ec4\u4ef6\u3002\r\n\r\n\u591a\u6b3eCisco\u4ea7\u54c1\u4e2d\u7684SNMP polling\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684SNMP\u8f6e\u8be2\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u8bc1\u4e66\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eCisco\u4ea7\u54c1SNMP polling\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Web Security Appliance (WSA) 10.0.0-230",
      "Cisco Email Security Appliance (ESA) 9.7.2-065",
      "Cisco Content Security Management Appliance (SMA) 10.1.0-037"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-6783",
  "serverity": "\u4e2d",
  "submitTime": "2017-08-18",
  "title": "\u591a\u6b3eCisco\u4ea7\u54c1SNMP polling\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

GHSA-4P7M-9F38-J933

Vulnerability from github – Published: 2022-05-17 01:57 – Updated: 2022-05-17 01:57

Details

Severity ?

4.3 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6783"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-17T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance).",
  "id": "GHSA-4p7m-9f38-j933",
  "modified": "2022-05-17T01:57:37Z",
  "published": "2022-05-17T01:57:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6783"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100387"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039186"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039187"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039188"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201708-1337

Vulnerability from variot - Updated: 2023-12-18 13:48

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1337",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "10.0.0-230"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "9.7.2-065"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "10.1.0-037"
      },
      {
        "model": "e email security the appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "web security the appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "content security management appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "100387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007255"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6783"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-793"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.0.0-230:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:content_security_management_appliance:10.1.0-037:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.7.2-065:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6783"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "100387"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6783",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-6783",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-114986",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2017-6783",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6783",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201708-793",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114986",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114986"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007255"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6783"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-793"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance). Vendors have confirmed this vulnerability Bug ID CSCve26106 , CSCve26202 ,and CSCve26224 It is released as.Information may be obtained. Multiple Cisco Products are prone to an information-disclosure vulnerability. SNMP polling is one of the components of network management polling (the way the CPU decides how to provide services to peripheral devices)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6783"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007255"
      },
      {
        "db": "BID",
        "id": "100387"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114986"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6783",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "100387",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1039187",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1039188",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1039186",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007255",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-793",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "37434",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-114986",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114986"
      },
      {
        "db": "BID",
        "id": "100387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007255"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6783"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-793"
      }
    ]
  },
  "id": "VAR-201708-1337",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114986"
      }
    ],
    "trust": 0.54258195
  },
  "last_update_date": "2023-12-18T13:48:30.976000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20170816-csa",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170816-csa"
      },
      {
        "title": "Multiple Cisco product SNMP polling Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74110"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007255"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-793"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114986"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007255"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6783"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170816-csa"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/100387"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1039186"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1039187"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1039188"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6783"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6783"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/37434"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114986"
      },
      {
        "db": "BID",
        "id": "100387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007255"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6783"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-793"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-114986"
      },
      {
        "db": "BID",
        "id": "100387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007255"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6783"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-793"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114986"
      },
      {
        "date": "2017-08-16T00:00:00",
        "db": "BID",
        "id": "100387"
      },
      {
        "date": "2017-09-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007255"
      },
      {
        "date": "2017-08-17T20:29:00.793000",
        "db": "NVD",
        "id": "CVE-2017-6783"
      },
      {
        "date": "2017-08-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-793"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114986"
      },
      {
        "date": "2017-08-16T00:00:00",
        "db": "BID",
        "id": "100387"
      },
      {
        "date": "2017-09-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007255"
      },
      {
        "date": "2017-08-25T10:50:44.853000",
        "db": "NVD",
        "id": "CVE-2017-6783"
      },
      {
        "date": "2017-08-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-793"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-793"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Cisco Information disclosure vulnerability in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007255"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-793"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2017-6783

Vulnerability from fkie_nvd - Published: 2017-08-17 20:29 - Updated: 2025-04-20 01:37

Severity ?

4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/100387	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039186	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039187	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039188	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100387	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039186	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039187	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039188	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	content_security_management_appliance	10.1.0-037
cisco	email_security_appliance	9.7.2-065
cisco	web_security_appliance	10.0.0-230

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:content_security_management_appliance:10.1.0-037:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E58F8B5-7DC9-4089-AF25-DBA31AB9F1F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.2-065:*:*:*:*:*:*:*",
              "matchCriteriaId": "36E7EE7B-4363-47BB-A7FF-9347D65DBEBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.0.0-230:*:*:*:*:*:*:*",
              "matchCriteriaId": "29EDE2F2-2EBE-41DF-A373-04E4FB7EDBD6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el sondeo SNMP para Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), y Content Security Management Appliance (SMA) podr\u00eda permitir que un atacante remoto autenticado descubriese informaci\u00f3n confidencial sobre los aparatos que solo deber\u00eda estar disponible para un usuario administrador. La vulnerabilidad ocurre porque los aparatos no protegen la informaci\u00f3n confidencial en reposo en respuesta a las peticiones de sondeo Simple Network Management Protocol (SNMP). Un atacante podr\u00eda explotar esta vulnerabilidad haciendo una petici\u00f3n de sondeo SNMP manipulada al aparato de seguridad objetivo. Un exploit podr\u00eda permitir que el atacante descubra informaci\u00f3n confidencial que deber\u00eda estar restringida. El atacante podr\u00eda utilizar esta informaci\u00f3n para llevar a cabo reconocimientos adicionales. Para explotar esta vulnerabilidad, el atacante debe conocer la cadena de comunidad SNMP configurada. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Versiones afectadas conocidas: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), y 10.1.0-037 (Content Security Management Appliance)."
    }
  ],
  "id": "CVE-2017-6783",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-17T20:29:00.793",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100387"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039186"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039187"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039188"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100387"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039186"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-6783 (GCVE-0-2017-6783)

GSD-2017-6783

CNVD-2017-22160

GHSA-4P7M-9F38-J933

VAR-201708-1337

FKIE_CVE-2017-6783

Tags

Sightings

Nomenclature