A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. An exploit could allow the attacker to view information regarding the Ultra Services Platform deployment. Cisco Bug IDs: CSCvd76406. Known Affected Releases: 21.0.v0.65839.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/100380 | Third Party Advisory VDB Entry |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-usp | Vendor Advisory |
http://www.securityfocus.com/bid/100380 | Third Party Advisory VDB Entry |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-usp | Vendor Advisory |
Configurations
History
21 Nov 2024, 03:30
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/100380 - Third Party Advisory, VDB Entry | |
References | () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-usp - Vendor Advisory |
Information
Published : 2017-08-17 20:29
Updated : 2024-11-21 03:30
NVD link : CVE-2017-6778
Mitre link : CVE-2017-6778
CVE.ORG link : CVE-2017-6778
JSON object : View
Products Affected
cisco
- ultra_services_platform
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor