CVE-2017-3805
published 2017-01-26
CVE-2017-3805: A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential…
Priority P432 · medium · 5.3 · CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 1.58% (72.5th percentile)
A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device. Affected Products: This vulnerability affects Cisco IOS Software and Cisco IOx Software running on IR829, IR809, IE4K, and CGR1K platforms. More Information: CSCvb20897. Known Affected Releases: 1.0(0).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ios_and_cisco_iox | — | — |
| cisco | iox | — | — |
CVSS provenance
nvd · v3.0 · 5.3 MEDIUM · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_cisco · 5.3 MEDIUM
VulDB
Cisco IOS/IOx on IR829/IR809/IE4K/CGR1K Web-based Management Interface information disclosure (CSCvb20897 / BID-95644)
vuldb·2026-05-14·CVSS 5.3
CVE-2017-3805 [MEDIUM] Cisco IOS/IOx on IR829/IR809/IE4K/CGR1K Web-based Management Interface information disclosure (CSCvb20897 / BID-95644)
A vulnerability classified as problematic was found in Cisco IOS and IOx on IR829/IR809/IE4K/CGR1K. The issue affects unknown functionality of the Web-based Management Interface component. Manipulation can lead to information disclosure.
This vulnerability is tracked as CVE-2017-3805. The attack can be performed remotely. No exploit is available.
GHSA
GHSA-c6xp-2qqh-7vvr: A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view conf
ghsa_unreviewed·2022-05-17
CVE-2017-3805 [MEDIUM] CWE-200 GHSA-c6xp-2qqh-7vvr: A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view conf
A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device. Affected Products: This vulnerability affects Cisco IOS Software and Cisco IOx Software running on IR829, IR809, IE4K, and CGR1K platforms. More Information: CSCvb20897. Known Affected Releases: 1.0(0).
Cisco
Cisco IOS and Cisco IOx Software Information Disclosure Vulnerability
vendor_cisco·2017-01-18·CVSS 5.3
CVE-2017-3805 [MEDIUM] CWE-200 Cisco IOS and Cisco IOx Software Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device.
The vulnerability is due to lack of proper input validation of the HTTP URL being requested. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted device. An exploit could allow the attacker to view confidential information that should only be visible to authenticated users to the device. The attacker could use this information to conduct additional reconnaissance attacks.
There are no workarounds that address this vulnerability.
This advisory is availab
Cisco
Cisco IOS and Cisco IOx Software Information Disclosure Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-3805 Cisco IOS and Cisco IOx Software Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device. The vulnerability is due to lack of proper input validation of the HTTP URL being requested. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted device. An exploit could allow the attacker to view confidential information that should only be visible to authenticated users to the device. The attacker could use this information to conduct additional reconnaissance attacks. There are no
CVSS: 3.0
CWE: CWE-200
Bug IDs: CSCvb20897
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/95644
http://www.securitytracker.com/id/1037654
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-ios
2017-01-26
Published