Information disclosure

2017-08-1720:29:00

PRIOn knowledge base

www.prio-n.com

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.3%

JSON

A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by authenticating to the application and navigating to certain configuration files. An exploit could allow the attacker to view sensitive system configuration files. Cisco Bug IDs: CSCvd29408. Known Affected Releases: 2.3(2).

CPENameOperatorVersion
elastic_services_controllereq2.32.0

CPE	Name	Operator	Version
	elastic_services_controller	eq	2.32.0

References

www.securityfocus.com/bid/100388

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc1