CVE-2017-2826

{"id": "CVE-2017-2826", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}]}, "published": "2018-04-09T20:29:00.217", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00010.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0327", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la petici\u00f3n del proxy iConfig en las versiones 2.4.X del servidor Zabbix. Una petici\u00f3n del proxy iConfig especialmente manipulada puede hacer que el servidor Zabbix env\u00ede la informaci\u00f3n de configuraci\u00f3n de cualquier proxy de Zabbix, lo que resulta en una divulgaci\u00f3n de informaci\u00f3n. Un atacante puede realizar peticiones de un proxy Zabbix activo para desencadenar esta vulnerabilidad."}], "lastModified": "2019-03-13T17:50:11.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zabbix:zabbix:2.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B847CEDA-6C3E-44DC-952B-9F92EF2E060A"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:2.4.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "379C720C-1F28-487D-8AF8-873E916B18DC"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:2.4.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10D1EA2C-35CC-4E35-BA5C-B0BC9D3BEEEB"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:2.4.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A799E7F-C2FB-4F2C-A8C0-6254DAF8C625"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:2.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E036381E-C3B3-4E13-9FB3-1CAF15D900DF"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:2.4.1:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66CF407E-71E0-4163-B4E7-346BF6164183"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:2.4.1:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B81CDC64-CB3F-4939-BAC1-591F92D69D88"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:2.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9080E8A-E1E6-46CB-B766-D8E4B68C4B08"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:2.4.2:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "074D6347-699F-4FEB-969C-CC02751B17D6"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:2.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C32BD321-01C3-4910-9058-A5582A27A6D8"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:2.4.3:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEA0EC11-C95B-42E5-B5D0-6D938D7F909B"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:2.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85ACEED4-E5FD-42D2-BDF3-96B46EE2B9D7"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:2.4.4:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF7D63B5-8660-4B23-89EA-009EF560F95F"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:2.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B73B67B9-7184-4E7E-AA3D-52CD8A7A0CEC"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:2.4.5:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C2A84A1-06C7-4300-BEA6-39C4E7468665"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:2.4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59B2EB47-2255-4B56-85A5-2B6261EA93AF"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:2.4.6:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55C1F15D-DF51-447D-87AD-C2DA4F118E32"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:2.4.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE8C066D-3290-4073-AF74-C13ED3C733DC"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:2.4.7:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A610E4AB-BA66-4059-B9C4-D13C4B54804A"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:2.4.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44D7778B-738C-42B4-81D7-DFB5456D8909"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:2.4.8:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C8623D3-5A16-45E7-8F26-6F1B7DAC51A3"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:2.4.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2E5EA48-E8E3-4214-9D23-25AB677FE96B"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:2.4.9:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "556EE336-9968-48A6-9B1B-064ABF39D95A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}