var-201707-0904
Vulnerability from variot
A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd47343. Known Affected Releases: 4.2(2.1)PP1 4.2(3.0)PP6 4.3(0.0)PP4 4.3(1.0)PP2. Known Fixed Releases: 4.3(2). Vendors have confirmed this vulnerability Bug ID CSCvd47343 It is released as.Authenticated by local attackers root May be promoted to. Cisco PrimeNetwork is an integrated component of Cisco PrimeforIPNGNsuite and is a stand-alone product. This issue is being tracked by Cisco Bug ID CSCvd47343. The installation procedure is one of the installation configuration procedures. The vulnerability stems from the fact that the program does not have the correct installation binary file and does not have the correct permission to configure the binary file
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0904",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "prime network",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.3\\(0.0\\)pp4"
},
{
"model": "prime network",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.2\\(3.0\\)pp6"
},
{
"model": "prime network",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.3\\(1.0\\)pp2"
},
{
"model": "prime network",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.2\\(2.1\\)pp1"
},
{
"model": "prime network",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.2(2.1)pp1"
},
{
"model": "prime network",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.2(3.0)pp6"
},
{
"model": "prime network",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.3(0.0)pp4"
},
{
"model": "prime network",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.3(1.0)pp2"
},
{
"model": "prime network",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "prime network software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "prime network 4.3 pp2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "prime network 4.3 pp4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "prime network 4.2 pp6",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "prime network 4.2 pp1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "prime network",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3(2)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14610"
},
{
"db": "BID",
"id": "99457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005627"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-389"
},
{
"db": "NVD",
"id": "CVE-2017-6732"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:prime_network",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005627"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco.",
"sources": [
{
"db": "BID",
"id": "99457"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6732",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-6732",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-14610",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-114935",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2017-6732",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6732",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-6732",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-14610",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-389",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-114935",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14610"
},
{
"db": "VULHUB",
"id": "VHN-114935"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005627"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-389"
},
{
"db": "NVD",
"id": "CVE-2017-6732"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd47343. Known Affected Releases: 4.2(2.1)PP1 4.2(3.0)PP6 4.3(0.0)PP4 4.3(1.0)PP2. Known Fixed Releases: 4.3(2). Vendors have confirmed this vulnerability Bug ID CSCvd47343 It is released as.Authenticated by local attackers root May be promoted to. Cisco PrimeNetwork is an integrated component of Cisco PrimeforIPNGNsuite and is a stand-alone product. \nThis issue is being tracked by Cisco Bug ID CSCvd47343. The installation procedure is one of the installation configuration procedures. The vulnerability stems from the fact that the program does not have the correct installation binary file and does not have the correct permission to configure the binary file",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6732"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005627"
},
{
"db": "CNVD",
"id": "CNVD-2017-14610"
},
{
"db": "BID",
"id": "99457"
},
{
"db": "VULHUB",
"id": "VHN-114935"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6732",
"trust": 3.4
},
{
"db": "BID",
"id": "99457",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005627",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-389",
"trust": 0.7
},
{
"db": "BID",
"id": "9945799457",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-14610",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-114935",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14610"
},
{
"db": "VULHUB",
"id": "VHN-114935"
},
{
"db": "BID",
"id": "99457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005627"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-389"
},
{
"db": "NVD",
"id": "CVE-2017-6732"
}
]
},
"id": "VAR-201707-0904",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14610"
},
{
"db": "VULHUB",
"id": "VHN-114935"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14610"
}
]
},
"last_update_date": "2024-11-23T22:01:02.391000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170705-prime",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-prime"
},
{
"title": "Patch for Cisco PrimeNetwork Local Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/98167"
},
{
"title": "Cisco Prime Network Software installation procedure Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71587"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14610"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005627"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-389"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114935"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005627"
},
{
"db": "NVD",
"id": "CVE-2017-6732"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170705-prime"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/99457"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6732"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6732"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14610"
},
{
"db": "VULHUB",
"id": "VHN-114935"
},
{
"db": "BID",
"id": "99457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005627"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-389"
},
{
"db": "NVD",
"id": "CVE-2017-6732"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-14610"
},
{
"db": "VULHUB",
"id": "VHN-114935"
},
{
"db": "BID",
"id": "99457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005627"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-389"
},
{
"db": "NVD",
"id": "CVE-2017-6732"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14610"
},
{
"date": "2017-07-10T00:00:00",
"db": "VULHUB",
"id": "VHN-114935"
},
{
"date": "2017-07-05T00:00:00",
"db": "BID",
"id": "99457"
},
{
"date": "2017-08-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005627"
},
{
"date": "2017-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-389"
},
{
"date": "2017-07-10T20:29:00.673000",
"db": "NVD",
"id": "CVE-2017-6732"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14610"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-114935"
},
{
"date": "2017-07-05T00:00:00",
"db": "BID",
"id": "99457"
},
{
"date": "2017-08-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005627"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-389"
},
{
"date": "2024-11-21T03:30:24.080000",
"db": "NVD",
"id": "CVE-2017-6732"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "99457"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-389"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Prime Network Permission in the software installation procedure root Vulnerability promoted to",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005627"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-389"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…