CVE-2017-6693

{"id": "CVE-2017-6693", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2017-06-13T06:29:01.627", "references": [{"url": "http://www.securityfocus.com/bid/98985", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc7", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/98985", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc7", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system, aka Unauthorized Directory Access. More Information: CSCvd76286. Known Affected Releases: 2.2(9.76) 2.3(1)."}, {"lang": "es", "value": "Una vulnerabilidad en el componente ConfD server de Elastic Services Controllers de Cisco, podr\u00eda permitir a un atacante local autenticado acceder a la informaci\u00f3n almacenada en el sistema de archivos de un sistema afectado, tambi\u00e9n se conoce como Acceso no autorizado a directorios. M\u00e1s informaci\u00f3n: CSCvd76286. Versiones Afectadas Conocidas: 2.2(9.76) 2.3(1)."}], "lastModified": "2024-11-21T03:30:19.230", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:elastic_services_controller:2.2\\(9.76\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E20A8B43-6D8F-468D-8194-0D8125742D39"}, {"criteria": "cpe:2.3:a:cisco:elastic_services_controller:2.3\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "053E82A5-8630-4197-B428-69B0E0E5E1F3"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}