Lucene search

[email protected]CVE-2017-6777

HistoryAug 17, 2017 - 8:29 p.m.

CVE-2017-6777

2017-08-1720:29:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2017-6777

cisco elastic services controller

confd server

authenticated

remote attacker

sensitive files

system information

unprivileged user

nvd

vulnerability

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.7%

JSON

A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system information. The vulnerability is due to insufficient protection of sensitive files on the system. An attacker could exploit this vulnerability by logging into the ConfD server and executing certain commands. An exploit could allow an unprivileged user to view configuration parameters that can be maliciously used. Cisco Bug IDs: CSCvd76409. Known Affected Releases: 2.3, 2.3(2).

Affected configurations

NVD

Node

ciscoelastic_services_controllerMatch2.3

ciscoelastic_services_controllerMatch2.3\(2\)

CPENameOperatorVersion
cisco:elastic_services_controllercisco elastic services controllereq2.3
cisco:elastic_services_controllercisco elastic services controllereq2.3\(2\)

CPE	Name	Operator	Version
cisco:elastic_services_controller	cisco elastic services controller	eq	2.3
cisco:elastic_services_controller	cisco elastic services controller	eq	2.3\(2\)

CNA Affected

[
  {
    "product": "Elastic Services Controller",
    "vendor": "Cisco Systems, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "2.3, 2.3(2)"
      }
    ]
  }
]

References

www.securityfocus.com/bid/100390

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc3

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.7%

JSON

Related for CVE-2017-6777

prion1 cvelist1 cisco1 nvd1