VAR-201710-0859
Vulnerability from variot - Updated: 2025-04-20 23:19
Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files. Cisco Small Business SA520 and SA540 are firewall devices of Cisco Systems of the United States. An attacker could exploit this vulnerability to read arbitrary files via the ‘thispage’ parameter.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0859",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "small business sa520",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "2.1.71"
},
{
"model": "small business sa520",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "2.2.0.7"
},
{
"model": "small business sa540",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "2.1.71"
},
{
"model": "small business sa540",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "2.2.0.7"
},
{
"model": "small business sa520 and sa540 devices",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2.1.71"
},
{
"model": "small business sa520 and sa540 devices",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2.2.0.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35152"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009497"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1074"
},
{
"db": "NVD",
"id": "CVE-2017-15805"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:small_business_sa520_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:small_business_sa540_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009497"
}
]
},
"cve": "CVE-2017-15805",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-15805",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-35152",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-106664",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-15805",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-15805",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-15805",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-35152",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-1074",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-106664",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35152"
},
{
"db": "VULHUB",
"id": "VHN-106664"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009497"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1074"
},
{
"db": "NVD",
"id": "CVE-2017-15805"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files. Cisco Small Business SA520 and SA540 are firewall devices of Cisco Systems of the United States. An attacker could exploit this vulnerability to read arbitrary files with the ‘thispage’ parameter",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15805"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009497"
},
{
"db": "CNVD",
"id": "CNVD-2017-35152"
},
{
"db": "VULHUB",
"id": "VHN-106664"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-15805",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009497",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1074",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-35152",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "37861",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-106664",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35152"
},
{
"db": "VULHUB",
"id": "VHN-106664"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009497"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1074"
},
{
"db": "NVD",
"id": "CVE-2017-15805"
}
]
},
"id": "VAR-201710-0859",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35152"
},
{
"db": "VULHUB",
"id": "VHN-106664"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35152"
}
]
},
"last_update_date": "2025-04-20T23:19:49.335000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco SA540 Security Appliance",
"trust": 0.8,
"url": "https://www.cisco.com/c/en/us/support/security/sa540-security-appliance/model.html"
},
{
"title": "Cisco SA520 Security Appliance",
"trust": 0.8,
"url": "https://www.cisco.com/c/en/us/support/security/sa520-security-appliance/model.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009497"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-106664"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009497"
},
{
"db": "NVD",
"id": "CVE-2017-15805"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.fwhibbit.es/lfi-en-cisco-small-business-sa500-series-cuando-la-seguridad-de-tu-red-esta-hecha-un-cisco"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15805"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15805"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/37861"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35152"
},
{
"db": "VULHUB",
"id": "VHN-106664"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009497"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1074"
},
{
"db": "NVD",
"id": "CVE-2017-15805"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-35152"
},
{
"db": "VULHUB",
"id": "VHN-106664"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009497"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1074"
},
{
"db": "NVD",
"id": "CVE-2017-15805"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35152"
},
{
"date": "2017-10-23T00:00:00",
"db": "VULHUB",
"id": "VHN-106664"
},
{
"date": "2017-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009497"
},
{
"date": "2017-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-1074"
},
{
"date": "2017-10-23T08:29:00.773000",
"db": "NVD",
"id": "CVE-2017-15805"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35152"
},
{
"date": "2017-11-08T00:00:00",
"db": "VULHUB",
"id": "VHN-106664"
},
{
"date": "2017-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009497"
},
{
"date": "2017-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-1074"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-15805"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-1074"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Small Business SA520 and SA540 Path traversal vulnerability in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009497"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-1074"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.