A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system information. The vulnerability is due to insufficient protection of sensitive files on the system. An attacker could exploit this vulnerability by logging into the ConfD server and executing certain commands. An exploit could allow an unprivileged user to view configuration parameters that can be maliciously used. Cisco Bug IDs: CSCvd76409. Known Affected Releases: 2.3, 2.3(2).
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/100390 | Third Party Advisory VDB Entry |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc3 | Vendor Advisory |
http://www.securityfocus.com/bid/100390 | Third Party Advisory VDB Entry |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc3 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:30
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/100390 - Third Party Advisory, VDB Entry | |
References | () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc3 - Vendor Advisory |
Information
Published : 2017-08-17 20:29
Updated : 2024-11-21 03:30
NVD link : CVE-2017-6777
Mitre link : CVE-2017-6777
CVE.ORG link : CVE-2017-6777
JSON object : View
Products Affected
cisco
- elastic_services_controller
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor