Remote Information Disclosure Vulnerability in Cisco Intrusion Prevention System
CVE-2017-3842

5.3MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Intrusion Prevention System Device Manager
Vendor
CVE Published:
22 February 2017

Summary

A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager allows an unauthenticated remote attacker to access sensitive information embedded in specific HTML comments. This could lead to exposure of critical system details that might be exploited in further attacks. Administrators should review their system deployment and apply necessary updates to safeguard against potential threats.

Affected Version(s)

Cisco Intrusion Prevention System Device Manager Cisco Intrusion Prevention System Device Manager

References

http://www.securityfocus.com/bid/96256
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1037842
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.