CVE-2017-3817

CWE-863 — Incorrect Authorization CWE-200 — Information Exposure4 documents4 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 65.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Computing System Director

Timeline

PublishedApr 7

Latest updateMay 13

Description

A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. More Information: CSCvc32434. Known Affected Releases: 5.5(0.1) 6.0(0.0).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDcisco/unified_computing_system_director5.5.0.1, 6.0.0.0+1

▶CVEListV5cisco_ucs_directorCisco UCS Director

🔴Vulnerability Details

GHSA

GHSA-h83w-cm2j-j6jg: A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remot↗2022-05-13

▶

CVEList

CVE-2017-3817: A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remot↗2017-04-07

▶

📋Vendor Advisories

Cisco

Cisco UCS Director Virtual Machine Information Disclosure Vulnerability↗2017-04-05

▶