CVE-2017-12289

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description A vulnerability in the IPsec feature could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. The issue is due to incorrect implementation of IPsec conditional, verbose debug logging, causing sensitive information to be written to the log file. An attacker with valid administrative credentials could exploit this by authenticating to the device, enabling conditional, verbose debug logging for IPsec, and viewing the log file, potentially accessing sensitive information related to the IPsec configuration.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.