CVE-2017-6778

Name of the Vulnerable Software and Affected Versions Cisco Ultra Services Platform version 21.0.v0.65839

Description A vulnerability in the Elastic Services Controller (ESC) web interface could allow an authenticated, remote attacker to acquire sensitive information. This is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this by sending a GET request to a vulnerable device, potentially allowing them to view information regarding the Ultra Services Platform deployment.

Recommendations For version 21.0.v0.65839, consider restricting access to the ESC web interface until a fix is available. As a temporary workaround, avoid using the GET request method to sensitive information endpoints.