PT-2017-17308 · Cisco · Cisco Elastic Services Controller

Published

2017-08-17

Updated

2017-08-22

CVE-2017-6772

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco Elastic Services Controller (ESC) version 2.3(2)

Description A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information due to insufficient protection of sensitive data. An attacker could exploit this by authenticating to the application and navigating to certain configuration files, potentially allowing them to view sensitive system configuration files.

Recommendations For version 2.3(2), update to a version that includes the fix for Cisco Bug ID CSCvd29408 to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-6772

Affected Products

Cisco Elastic Services Controller

PT-2017-17308 · Cisco · Cisco Elastic Services Controller

CVE-2017-6772

Weakness Enumeration

Related Identifiers

Affected Products

References · 4