nvd-json-data-feeds/CVE-2017/CVE-2017-63xx/CVE-2017-6356.json

{
  "id": "CVE-2017-6356",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2017-03-20T16:59:02.423",
  "lastModified": "2024-11-21T03:29:37.333",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Palo Alto Networks Terminal Services (tambi\u00e9n conocido como TS) Agent 6.0, 7.0 y 8.0 en versiones anteriores a 8.0.1 utiliza permisos d\u00e9biles para recursos no especificados lo que permite a los atacantes obtener informaci\u00f3n sensible de sesi\u00f3n a trav\u00e9s de vectores desconocidos."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "baseScore": 5.0,
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": true,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:paloaltonetworks:terminal_services_agent:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "867C0010-2021-4180-97A3-72BB4773B123"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:paloaltonetworks:terminal_services_agent:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA7D6B0-B08E-4B1D-AE9B-3B405B80488D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:paloaltonetworks:terminal_services_agent:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6DCF61B-016E-49D1-8D60-C94C6D13F95E"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/96925",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://security.paloaltonetworks.com/CVE-2017-6356",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.securityfocus.com/bid/96925",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://security.paloaltonetworks.com/CVE-2017-6356",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}