CVE-2017-3884

MEDIUM

Cisco Prime Infrastructure & EPN Manager <3.2 - Info Disclosure

Title source: llm
STIX 2.1

Description

A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D).

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038189
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97470

Scores

CVSS v3 6.5
EPSS 0.0208
EPSS Percentile 79.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (10)
cisco/evolved_programmable_network_manager 2.0\(4.0.45d\)
cisco/prime_infrastructure 2.2
cisco/prime_infrastructure 2.2\(3\)
cisco/prime_infrastructure 3.0
cisco/prime_infrastructure 3.1
cisco/prime_infrastructure 3.1\(0.128\)
cisco/prime_infrastructure 3.1\(4.0\)
cisco/prime_infrastructure 3.1\(5.0\)
cisco/prime_infrastructure 3.2\(0.0\)
n/a/Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager
Published Apr 07, 2017
Tracked Since Feb 18, 2026