What is the severity of CVE-2017-3884?

CVE-2017-3884 is rated as a high severity vulnerability.

How do I fix CVE-2017-3884?

To address CVE-2017-3884, you should upgrade to the latest patched version of Cisco Prime Infrastructure or Cisco Evolved Programmable Network Manager.

What kind of attack is possible due to CVE-2017-3884?

CVE-2017-3884 allows an authenticated remote attacker to access sensitive data without needing administrator credentials.

What versions of Cisco software are vulnerable to CVE-2017-3884?

CVE-2017-3884 affects versions 2.0(4.0.45d), 2.2, 2.2(3), 3.0, 3.1, and 3.2(0.0) of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager.

Vulnerability/
CVE-2017-3884

medium

6.5

CWE

200

7/4/2017

29/7/2019

CVE-2017-3884: Infoleak

First published: Fri Apr 07 2017(Updated: )

A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D).

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Evolved Programmable Network Manager	=2.0\(4.0.45d\)
Cisco Prime Infrastructure	=2.2
Cisco Prime Infrastructure	=2.2\(3\)
Cisco Prime Infrastructure	=3.0
Cisco Prime Infrastructure	=3.1
Cisco Prime Infrastructure	=3.1\(0.128\)
Cisco Prime Infrastructure	=3.1\(4.0\)
Cisco Prime Infrastructure	=3.1\(5.0\)
Cisco Prime Infrastructure	=3.2\(0.0\)

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-3884?
CVE-2017-3884 is rated as a high severity vulnerability.
How do I fix CVE-2017-3884?
To address CVE-2017-3884, you should upgrade to the latest patched version of Cisco Prime Infrastructure or Cisco Evolved Programmable Network Manager.
Who is affected by CVE-2017-3884?
CVE-2017-3884 affects authenticated users of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager on specified versions.
What kind of attack is possible due to CVE-2017-3884?
CVE-2017-3884 allows an authenticated remote attacker to access sensitive data without needing administrator credentials.
What versions of Cisco software are vulnerable to CVE-2017-3884?
CVE-2017-3884 affects versions 2.0(4.0.45d), 2.2, 2.2(3), 3.0, 3.1, and 3.2(0.0) of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager.

collector/nvd-index
agent/references
agent/weakness
agent/type
agent/author
agent/severity
agent/tags
agent/description
agent/event
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
vendor/cisco
canonical/cisco evolved programmable network manager
version/cisco evolved programmable network manager/2.0\(4.0.45d\)
canonical/cisco prime infrastructure
version/cisco prime infrastructure/2.2
version/cisco prime infrastructure/2.2\(3\)
version/cisco prime infrastructure/3.0
version/cisco prime infrastructure/3.1
version/cisco prime infrastructure/3.1\(0.128\)
version/cisco prime infrastructure/3.1\(4.0\)
version/cisco prime infrastructure/3.1\(5.0\)
version/cisco prime infrastructure/3.2\(0.0\)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.