Vulnerability Details CVE-2017-3884
A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.0%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- http://www.securityfocus.com/bid/97470
- http://www.securitytracker.com/id/1038189
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi
- http://www.securityfocus.com/bid/97470
- http://www.securitytracker.com/id/1038189
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi
Products affected by CVE-2017-3884
-
cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0(4.0.45d)
-
cpe:2.3:a:cisco:prime_infrastructure:2.2
-
cpe:2.3:a:cisco:prime_infrastructure:2.2(3)
-
cpe:2.3:a:cisco:prime_infrastructure:3.0
-
cpe:2.3:a:cisco:prime_infrastructure:3.1
-
cpe:2.3:a:cisco:prime_infrastructure:3.1(0.128)
-
cpe:2.3:a:cisco:prime_infrastructure:3.1(4.0)
-
cpe:2.3:a:cisco:prime_infrastructure:3.1(5.0)
-
cpe:2.3:a:cisco:prime_infrastructure:3.2(0.0)