CVE-2017-3884
MEDIUMCisco Prime Infrastructure & EPN Manager <3.2 - Info Disclosure
Title source: llmDescription
A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D).
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038189
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/97470
Scores
CVSS v3
6.5
EPSS
0.0208
EPSS Percentile
79.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (10)
cisco/evolved_programmable_network_manager
2.0\(4.0.45d\)
cisco/prime_infrastructure
2.2
cisco/prime_infrastructure
2.2\(3\)
cisco/prime_infrastructure
3.0
cisco/prime_infrastructure
3.1
cisco/prime_infrastructure
3.1\(0.128\)
cisco/prime_infrastructure
3.1\(4.0\)
cisco/prime_infrastructure
3.1\(5.0\)
cisco/prime_infrastructure
3.2\(0.0\)
n/a/Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager
Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager
Published
Apr 07, 2017
Tracked Since
Feb 18, 2026