Vulnslist

find the latest Cisco vulnerabilities

Cisco Elastic Services Controller Web Interface System Credentials Information Disclosure Vulnerability

cisco-sa-20170607-esc9 · Medium · Published · Updated

A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive credentials that are stored in an affected system. The vulnerability exists because the affected software does not sufficiently control access to the credential repository on an affected system. An attacker could exploit this vulnerability while accessing the web user interface of an affected system. A successful exploit could allow the attacker to access and retrieve sensitive system credentials from the affected system. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc9

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2017-6697
Cisco Bug IDsCSCvd76339
CVSS ScoreBase 6.1
Base 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Elastic Services Controller

Related Products

Product CVE Evidence
Cisco RV Series Routers CVE-2017-6697 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2017-6697 Cisco OpenVuln
Cisco Elastic Services Controller CVE-2017-6697 Cisco OpenVuln