CVE-2017-3869 — Cisco Prime Infrastructure vulnerability

CWE-2554 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 61.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Prime Infrastructure Cisco Prime Infrastructure

Timeline

PublishedMar 17

Latest updateMay 13

Description

An API Credentials Management vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. The attacker needs to have valid credentials. More Information: CSCuy36192. Known Affected Releases: 3.1(1) 3.1(1).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶NVDcisco/prime_infrastructure3.1\(1\)

▶CVEListV5cisco/cisco_prime_infrastructureCisco Prime Infrastructure

🔴Vulnerability Details

GHSA

GHSA-59m2-h4gm-362r: An API Credentials Management vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API↗2022-05-13

▶

CVEList

CVE-2017-3869: An API Credentials Management vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API↗2017-03-17

▶

📋Vendor Advisories

Cisco

Cisco Prime Infrastructure API Credentials Management Vulnerability↗2017-03-15

▶