SB2017081712 - Information disclosure in Cisco Security Appliances

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017081712

SB2017081712 - Information disclosure in Cisco Security Appliances

Published: August 17, 2017

Security Bulletin ID SB2017081712
Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Information disclosure (CVE-ID: CVE-2017-6783)

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.

The vulnerability exists in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) due to insufficient protection of protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. A remote attacker with knowledge of configured SNMP community string can make a crafted SNMP poll request to the targeted security appliance and discover confidential information.

Successful exploitation of the vulnerability may result in additional reconnaissance attacks.


Remediation

Install update from vendor's website.

References