Cisco Elastic Services Controller User Credentials Information Disclosure Vulnerability

A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive credentials that are stored in an affected system.

The vulnerability exists because the affected software does not sufficiently control access to the credential repository on an affected system. An attacker could exploit this vulnerability by accessing certain files on an affected system via the command line. A successful exploit could allow the attacker to retrieve sensitive user credentials from the affected system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc8 [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc8”]