PT-2017-17307 · Cisco · Cisco Ultra Services Framework

Published

2017-08-17

Updated

2017-08-22

CVE-2017-6771

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco Ultra Services Framework version 21.0.v0.65839

Description A vulnerability in the AutoVNF automation tool could allow an unauthenticated, remote attacker to acquire sensitive information due to insufficient protection of sensitive data. An attacker could exploit this by browsing to a specific URL of an affected device, potentially allowing them to view sensitive configuration information about the deployment.

Recommendations For version 21.0.v0.65839, consider restricting access to the specific URL that could be exploited to view sensitive configuration information until a fix is available. As a temporary workaround, limit browsing to this URL to prevent potential exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-6771

Affected Products

Cisco Ultra Services Framework

PT-2017-17307 · Cisco · Cisco Ultra Services Framework

CVE-2017-6771

Weakness Enumeration

Related Identifiers

Affected Products

References · 4