CVE-2017-6772

{"id": "CVE-2017-6772", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2017-08-17T20:29:00.497", "references": [{"url": "http://www.securityfocus.com/bid/100388", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc1", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by authenticating to the application and navigating to certain configuration files. An exploit could allow the attacker to view sensitive system configuration files. Cisco Bug IDs: CSCvd29408. Known Affected Releases: 2.3(2)."}, {"lang": "es", "value": "Una vulnerabilidad en Cisco Elastic Services Controller (ESC) podr\u00eda permitir que un atacante remoto autenticado acceda a informaci\u00f3n sensible. Esta vulnerabilidad se debe a una protecci\u00f3n de datos sensibles insuficiente. Un atacante podr\u00eda explotar esta vulnerabilidad autentic\u00e1ndose en la aplicaci\u00f3n y navegando hasta ciertos archivos de configuraci\u00f3n. Un exploit podr\u00eda permitir que el atacante vea archivos de configuraci\u00f3n del sistema sensibles. Cisco Bug IDs: CSCvd29408. Versiones afectadas conocidas: 2.3(2)."}], "lastModified": "2017-08-22T17:56:53.240", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:elastic_services_controller:2.3\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69D4B076-9094-43A1-B2BC-0E3F080BF187"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}