Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Intrusion Prevention System Device Manager Information Disclosure Vulnerability

cisco-sa-20170215-idm · Medium · Published · Updated

A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information stored in certain HTML comments.

The vulnerability is due to improper masking of sensitive data in certain HTML comments. An attacker could exploit this vulnerability by navigating to certain configuration screens. An exploit could allow the attacker to discover sensitive data that should be restricted and could be used to conduct further attacks. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-idm

Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2017-3842
Cisco Bug IDs: CSCuh91455
CVSS Score: Base 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X)
Product Names From Source: Cisco Intrusion Prevention System (IPS), Intrusion Prevention System (IPS)

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Intrusion Prevention System (IPS) | CVE-2017-3842 | Cisco OpenVuln |
| Cisco Intrusion Prevention System (IPS) | CVE-2017-3842 | Cisco OpenVuln |