Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Web Interface Information Disclosure Vulnerability

cisco-sa-20170405-cpi · Medium · Published · Updated

A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. The vulnerability occurs because the application does not sufficiently protect sensitive data when responding to an HTTP request to the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to obtain sensitive information about the application. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2017-3884
Cisco Bug IDsCSCvc60031, CSCvc60041, CSCvc60095, CSCvc60102
CVSS ScoreBase 6.5
Base 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Prime Infrastructure, Cisco Evolved Programmable Network Manager (EPNM)

Related Products

Product CVE Evidence
Cisco Prime Infrastructure CVE-2017-3884 Cisco OpenVuln
Cisco Evolved Programmable Network Manager (EPNM) CVE-2017-3884 Cisco OpenVuln