Vulnslist

find the latest Cisco vulnerabilities

Cisco Elastic Services Controller User Credentials Information Disclosure Vulnerability

cisco-sa-20170607-esc8 · Medium · Published · Updated

A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive credentials that are stored in an affected system. The vulnerability exists because the affected software does not sufficiently control access to the credential repository on an affected system. An attacker could exploit this vulnerability by accessing certain files on an affected system via the command line. A successful exploit could allow the attacker to retrieve sensitive user credentials from the affected system. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc8

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2017-6696
Cisco Bug IDsCSCvd73677
CVSS ScoreBase 5.5
Base 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Elastic Services Controller

Related Products

Product CVE Evidence
Cisco RV Series Routers CVE-2017-6696 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2017-6696 Cisco OpenVuln
Cisco Elastic Services Controller CVE-2017-6696 Cisco OpenVuln