Lucene search

CiscoCISCO-SA-20151120-NS

HistoryNov 20, 2015 - 12:00 a.m.

Cisco Networking Services Sensitive Information Disclosure Vulnerability

2015-11-2000:00:00

tools.cisco.com

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS

Percentile

5.1%

JSON

A vulnerability in the debug logging function of Cisco Networking Services (CNS) used for configuring Cisco IOS networking devices could allow an authenticated, local attacker to disclose sensitive data.

The vulnerability is due to insufficient protections of sensitive data at rest. An attacker could exploit this vulnerability by accessing a specific file and reading the sensitive information.

Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151120-ns[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151120-ns”]

Affected configurations

Vulners

Node

ciscoiosMatchany

VendorProductVersionCPE
ciscoiosanycpe:2.3:o:cisco:ios:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios	any	cpe:2.3:o:cisco:ios:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151120-ns

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS

Percentile

5.1%

JSON

Related for CISCO-SA-20151120-NS