113 matches found
Design/Logic Flaw
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Information: CSCvc76620. Known Affected Releases: 2.29.76...
Default credentials
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default Administrator Credentials Vulnerability. More Information: CSCvc76661. Known Affected Releases: 2.29.76...
Information disclosure
A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system, aka Unauthorized Directory Access. More Information: CSCvd76286. Known Affected Releases: 2.29.76...
Design/Logic Flaw
A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. More Information: CSCvd29398. Known Affected Releases: 21.0.v0.65839...
CVE-2017-6691
CVE-2017-6691 affects Cisco Elastic Services Controller (ESC) and its ConfD CLI. The issue arises from improper permissions on certain files in the affected service, enabling an authenticated, remote attacker to access sensitive information on the system. Affected release noted: ESC 2.3(2). Cisco...
CVE-2017-6695
CVE-2017-6695 affects Cisco Ultra Services Platform’s ConfD server. An authenticated, local attacker can view sensitive information due to insufficient protection of sensitive files. Affected release: 21.0.v0.65839. CVSS details: CVSSv2 base 2.1 (LOW) with Partial confidentiality impact; CVSSv3 b...
CVE-2017-6689
CVE-2017-6689 is a Cisco Elastic Services Controller vulnerability affecting the ConfD CLI, caused by a default, hard-coded admin password. An authenticated remote attacker could log in as admin (SSH port 2024) on affected systems. Known affected release: 2.2(9.76). Cisco advisory notes there are...
CVE-2017-6693
A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system, aka Unauthorized Directory Access. More Information: CSCvd76286. Known Affected Releases: 2.29.76...
CVE-2017-6691
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd29403. Known Affected Releases: 2.32...
CVE-2017-6695
A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. More Information: CSCvd29398. Known Affected Releases: 21.0.v0.65839...
Cisco Elastic Services Controller Unauthorized Directory Access Vulnerability
A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system. The vulnerability exists because the affected component does not sufficiently protect files that...
Cisco Ultra Services Platform Information Disclosure Vulnerability
A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive files on the system. An attacker could exploit this vulnerability by logging in to the...
Cisco Elastic Services Controller Information Disclosure Vulnerability
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to improper permissions that are set for certain files by the affected service. An attacker could...