Information disclosure in Elastic Services Controller - CVE-2017-6693
Published: June 9, 2017
Vulnerability identifier: #VU6990
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6693
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Elastic Services Controller
Elastic Services Controller
Detailed vulnerability description
The vulnerability allows a local authenticated attacker to obtain potentially sensitive information.
The weakness exists in the ConfD server component of Cisco Elastic Services Controllers due to insufficiently protection of files stored in the file system. A local attacker can access and modify restricted file on the affected system.
Successful exploitation of the vulnerability results in information disclosure.
The weakness exists in the ConfD server component of Cisco Elastic Services Controllers due to insufficiently protection of files stored in the file system. A local attacker can access and modify restricted file on the affected system.
Successful exploitation of the vulnerability results in information disclosure.
How to mitigate CVE-2017-6693
Install update from vendor's website.