CVE-2017-3842

Published: Feb 22, 2017Modified: May 13, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information stored in certain HTML comments. More Information: CSCuh91455. Known Affected Releases: 7.2(1)V7.

Affected (1)

Products: Cisco: Intrusion Prevention System Device Manager

1 product

Intrusion Prevention System Device Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Intrusion Prevention System Device Manager	Version 7.2(1)v7

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.securityfocus.com/bid/96256

Source: psirt@cisco.com

http://www.securitytracker.com/id/1037842

Source: psirt@cisco.com

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-idm

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/96256

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1037842

Source: af854a3a-2127-422b-91ae-364da2661108

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-idm

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.