CVE-2017-6786

Name of the Vulnerable Software and Affected Versions Cisco Elastic Services Controller version 2.2(9.76)

Description A vulnerability could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affected system. The issue is due to improper protection of sensitive log files. An attacker could exploit this by logging in to an affected system and accessing unprotected log files, potentially gaining access to sensitive log files that may include system credentials.

Recommendations For version 2.2(9.76), consider restricting access to sensitive log files as a temporary workaround until a patch is available. Additionally, limit local access to the system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.