Information disclosure in Cisco Ultra Services Framework - CVE-2017-6778

 

Published: August 16, 2017 / Updated: August 17, 2017


Vulnerability identifier: #VU7968
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6778
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Ultra Services Framework

Detailed vulnerability description

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.

The vulnerability exists in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform due to the transmission of sensitive information as part of a GET request. A remote attacker can send a GET request to a vulnerable device and view information regarding the Ultra Services Platform deployment.

Successful exploitation of the vulnerability results in information disclosure.


How to mitigate CVE-2017-6778

Install the update from the vendor's website.

Sources