Cisco Elastic Services Controller Information Disclosure Vulnerability

2017-06-07T16:00:00
ID CISCO-SA-20170607-ESC6
Type cisco
Reporter Cisco
Modified 2017-06-06T16:33:28

Description

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system.

The vulnerability is due to improper permissions that are set for certain files by the affected service. An attacker could exploit this vulnerability to gain access to sensitive information on an affected system, which could lead to further attacks.

There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc6 ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc6"]