Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2017-6783

UNKNOWN
Published 2017-08-17T20:00:00Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2017-6783. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance).

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Cisco Systems, Inc.

Web Security Appliance (WSA)

Affected Versions:

10.0.0-230
Cisco Systems, Inc.

Email Security Appliance (ESA)

Affected Versions:

9.7.2-065
Cisco Systems, Inc.

Content Security Management Appliance (SMA)

Affected Versions:

10.1.0-037

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-4p7m-9f38-j933

Advisory Details

A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance).

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-6783
WEB https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa
WEB http://www.securityfocus.com/bid/100387
WEB http://www.securitytracker.com/id/1039186
WEB http://www.securitytracker.com/id/1039187
WEB http://www.securitytracker.com/id/1039188

Advisory provided by GitHub Security Advisory Database. Published: May 17, 2022, Modified: May 17, 2022

References

http://www.securitytracker.com/id/1039187
http://www.securityfocus.com/bid/100387
http://www.securitytracker.com/id/1039186
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa
http://www.securitytracker.com/id/1039188
Published: 2017-08-17T20:00:00Z
Last Modified: 2024-09-16T19:14:34.884Z
Copied to clipboard!