Information disclosure in Cisco Prime Network - CVE-2017-6726
Published: July 6, 2017
Vulnerability identifier: #VU7363
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6726
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Prime Network
Cisco Prime Network
Detailed vulnerability description
The vulnerability allows a local authenticated attacker to obtain potentially sensitive information.
The weakness exists in the CLI of the Cisco Prime Network Gateway due to a lack of input and validation checking mechanisms. A local attacker can issue specific, known commands after authenticating locally to the system via the CLI and retrieve system process information.
Successful exploitation of the vulnerability results in information disclosure.
The weakness exists in the CLI of the Cisco Prime Network Gateway due to a lack of input and validation checking mechanisms. A local attacker can issue specific, known commands after authenticating locally to the system via the CLI and retrieve system process information.
Successful exploitation of the vulnerability results in information disclosure.
How to mitigate CVE-2017-6726
Update to version 4.3(2).