CVE-2017-6777

Name of the Vulnerable Software and Affected Versions Cisco Elastic Services Controller (ESC) versions 2.3 through 2.3(2)

Description A vulnerability in the ConfD server could allow an authenticated, remote attacker to acquire sensitive system information due to insufficient protection of sensitive files on the system. An attacker could exploit this by logging into the ConfD server and executing certain commands, potentially allowing an unprivileged user to view configuration parameters that can be maliciously used.

Recommendations For versions 2.3 and 2.3(2), consider restricting access to the ConfD server to minimize the risk of exploitation until a fix is available. As a temporary workaround, limit the execution of certain commands on the ConfD server to prevent unauthorized access to sensitive system information.