What is the severity of CVE-2017-6783?

CVE-2017-6783 has a medium severity rating as it allows authenticated, remote attackers to access confidential information.

How do I fix CVE-2017-6783?

To mitigate CVE-2017-6783, upgrade the affected Cisco appliances to their latest versions as recommended by Cisco.

What products are affected by CVE-2017-6783?

CVE-2017-6783 affects Cisco Web Security Appliance, Email Security Appliance, and Content Security Management Appliance.

Can CVE-2017-6783 be exploited remotely?

Yes, CVE-2017-6783 can be exploited by an authenticated remote attacker.

Is authentication required to exploit CVE-2017-6783?

Yes, exploitation of CVE-2017-6783 requires that the attacker has valid authentication credentials.

Vulnerability/
CVE-2017-6783

medium

4.3

CWE

200

16/8/2017

5/8/2024

CVE-2017-6783: Infoleak

First published: Wed Aug 16 2017(Updated: )

A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance).

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Content Security Management Virtual Appliance	=10.1.0-037
Cisco Email Security Appliance Firmware	=9.7.2-065
Cisco Web Security Appliance	=10.0.0-230

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-6783?
CVE-2017-6783 has a medium severity rating as it allows authenticated, remote attackers to access confidential information.
How do I fix CVE-2017-6783?
To mitigate CVE-2017-6783, upgrade the affected Cisco appliances to their latest versions as recommended by Cisco.
What products are affected by CVE-2017-6783?
CVE-2017-6783 affects Cisco Web Security Appliance, Email Security Appliance, and Content Security Management Appliance.
Can CVE-2017-6783 be exploited remotely?
Yes, CVE-2017-6783 can be exploited by an authenticated remote attacker.
Is authentication required to exploit CVE-2017-6783?
Yes, exploitation of CVE-2017-6783 requires that the attacker has valid authentication credentials.

agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/references
agent/weakness
agent/author
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco content security management virtual appliance
version/cisco content security management virtual appliance/10.1.0-037
canonical/cisco email security appliance firmware
version/cisco email security appliance firmware/9.7.2-065
canonical/cisco web security appliance
version/cisco web security appliance/10.0.0-230