CVE-2017-6778

A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. An exploit could allow the attacker to view information regarding the Ultra Services Platform deployment. Cisco Bug IDs: CSCvd76406. Known Affected Releases: 21.0.v0.65839.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:ultra_services_platform:21.0.v0.65839:*:*:*:*:*:*:*

History

21 Nov 2024, 03:30

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/100380 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/100380 - Third Party Advisory, VDB Entry
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-usp - Vendor Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-usp - Vendor Advisory

Information

Published : 2017-08-17 20:29

Updated : 2024-11-21 03:30


NVD link : CVE-2017-6778

Mitre link : CVE-2017-6778

CVE.ORG link : CVE-2017-6778


JSON object : View

Products Affected

cisco

  • ultra_services_platform
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor