VAR-201707-0904
Vulnerability from variot - Updated: 2023-12-18 13:29A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd47343. Known Affected Releases: 4.2(2.1)PP1 4.2(3.0)PP6 4.3(0.0)PP4 4.3(1.0)PP2. Known Fixed Releases: 4.3(2). Vendors have confirmed this vulnerability Bug ID CSCvd47343 It is released as.Authenticated by local attackers root May be promoted to. Cisco PrimeNetwork is an integrated component of Cisco PrimeforIPNGNsuite and is a stand-alone product. This issue is being tracked by Cisco Bug ID CSCvd47343. The installation procedure is one of the installation configuration procedures. The vulnerability stems from the fact that the program does not have the correct installation binary file and does not have the correct permission to configure the binary file
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0904",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "prime network",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.3\\(1.0\\)pp2"
},
{
"model": "prime network",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.2\\(2.1\\)pp1"
},
{
"model": "prime network",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.2\\(3.0\\)pp6"
},
{
"model": "prime network",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.3\\(0.0\\)pp4"
},
{
"model": "prime network",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.2(2.1)pp1"
},
{
"model": "prime network",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.2(3.0)pp6"
},
{
"model": "prime network",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.3(0.0)pp4"
},
{
"model": "prime network",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.3(1.0)pp2"
},
{
"model": "prime network",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "prime network software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "prime network 4.3 pp2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "prime network 4.3 pp4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "prime network 4.2 pp6",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "prime network 4.2 pp1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "prime network",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3(2)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14610"
},
{
"db": "BID",
"id": "99457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005627"
},
{
"db": "NVD",
"id": "CVE-2017-6732"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-389"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_network:4.3\\(0.0\\)pp4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_network:4.3\\(1.0\\)pp2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_network:4.2\\(2.1\\)pp1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_network:4.2\\(3.0\\)pp6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6732"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco.",
"sources": [
{
"db": "BID",
"id": "99457"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6732",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-6732",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-14610",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-114935",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-6732",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-6732",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-14610",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-389",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-114935",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14610"
},
{
"db": "VULHUB",
"id": "VHN-114935"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005627"
},
{
"db": "NVD",
"id": "CVE-2017-6732"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-389"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd47343. Known Affected Releases: 4.2(2.1)PP1 4.2(3.0)PP6 4.3(0.0)PP4 4.3(1.0)PP2. Known Fixed Releases: 4.3(2). Vendors have confirmed this vulnerability Bug ID CSCvd47343 It is released as.Authenticated by local attackers root May be promoted to. Cisco PrimeNetwork is an integrated component of Cisco PrimeforIPNGNsuite and is a stand-alone product. \nThis issue is being tracked by Cisco Bug ID CSCvd47343. The installation procedure is one of the installation configuration procedures. The vulnerability stems from the fact that the program does not have the correct installation binary file and does not have the correct permission to configure the binary file",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6732"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005627"
},
{
"db": "CNVD",
"id": "CNVD-2017-14610"
},
{
"db": "BID",
"id": "99457"
},
{
"db": "VULHUB",
"id": "VHN-114935"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6732",
"trust": 3.4
},
{
"db": "BID",
"id": "99457",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005627",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-389",
"trust": 0.7
},
{
"db": "BID",
"id": "9945799457",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-14610",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-114935",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14610"
},
{
"db": "VULHUB",
"id": "VHN-114935"
},
{
"db": "BID",
"id": "99457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005627"
},
{
"db": "NVD",
"id": "CVE-2017-6732"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-389"
}
]
},
"id": "VAR-201707-0904",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14610"
},
{
"db": "VULHUB",
"id": "VHN-114935"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14610"
}
]
},
"last_update_date": "2023-12-18T13:29:15.675000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170705-prime",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170705-prime"
},
{
"title": "Patch for Cisco PrimeNetwork Local Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/98167"
},
{
"title": "Cisco Prime Network Software installation procedure Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71587"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14610"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005627"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-389"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114935"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005627"
},
{
"db": "NVD",
"id": "CVE-2017-6732"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170705-prime"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/99457"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6732"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6732"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14610"
},
{
"db": "VULHUB",
"id": "VHN-114935"
},
{
"db": "BID",
"id": "99457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005627"
},
{
"db": "NVD",
"id": "CVE-2017-6732"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-389"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-14610"
},
{
"db": "VULHUB",
"id": "VHN-114935"
},
{
"db": "BID",
"id": "99457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005627"
},
{
"db": "NVD",
"id": "CVE-2017-6732"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-389"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14610"
},
{
"date": "2017-07-10T00:00:00",
"db": "VULHUB",
"id": "VHN-114935"
},
{
"date": "2017-07-05T00:00:00",
"db": "BID",
"id": "99457"
},
{
"date": "2017-08-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005627"
},
{
"date": "2017-07-10T20:29:00.673000",
"db": "NVD",
"id": "CVE-2017-6732"
},
{
"date": "2017-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-389"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14610"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-114935"
},
{
"date": "2017-07-05T00:00:00",
"db": "BID",
"id": "99457"
},
{
"date": "2017-08-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005627"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-6732"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-389"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "99457"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-389"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Prime Network Permission in the software installation procedure root Vulnerability promoted to",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005627"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-389"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…