CVE-2017-3884: Infoleak
First published: Fri Apr 07 2017(Updated: )
A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D).
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Evolved Programmable Network Manager | =2.0\(4.0.45d\) | |
| Cisco Prime Infrastructure | =2.2 | |
| Cisco Prime Infrastructure | =2.2\(3\) | |
| Cisco Prime Infrastructure | =3.0 | |
| Cisco Prime Infrastructure | =3.1 | |
| Cisco Prime Infrastructure | =3.1\(0.128\) | |
| Cisco Prime Infrastructure | =3.1\(4.0\) | |
| Cisco Prime Infrastructure | =3.1\(5.0\) | |
| Cisco Prime Infrastructure | =3.2\(0.0\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/weakness
- agent/type
- vendor/cisco
- canonical/cisco evolved programmable network manager
- version/cisco evolved programmable network manager/2.0\(4.0.45d\)
- canonical/cisco prime infrastructure
- version/cisco prime infrastructure/2.2
- version/cisco prime infrastructure/2.2\(3\)
- version/cisco prime infrastructure/3.0
- version/cisco prime infrastructure/3.1
- version/cisco prime infrastructure/3.1\(0.128\)
- version/cisco prime infrastructure/3.1\(4.0\)
- version/cisco prime infrastructure/3.1\(5.0\)
- version/cisco prime infrastructure/3.2\(0.0\)