CVE-2017-3884

CWE-200 — Information Exposure4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 54.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Evolved Programmable Network Manager Cisco Prime Infrastructure

Timeline

PublishedApr 7

Latest updateMay 14

Description

A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5cisco_prime_infrastructure_and_cisco_evolved_programmable_network_managerCisco Prime Infrastructure and Cisco Evolved Programmable Network Manager

▶NVDcisco/evolved_programmable_network_manager2.0\(4.0.45d\)

▶NVDcisco/prime_infrastructure8 versions+7

🔴Vulnerability Details

GHSA

GHSA-8wp2-h37w-5qxq: A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated,↗2022-05-14

▶

CVEList

CVE-2017-3884: A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated,↗2017-04-07

▶

📋Vendor Advisories

Cisco

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Web Interface Information Disclosure Vulnerability↗2017-04-05

▶