Information disclosure in Elastic Services Controller - CVE-2017-6786

 

Published: August 16, 2017 / Updated: August 17, 2017


Vulnerability identifier: #VU7970
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6786
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Elastic Services Controller

Detailed vulnerability description

The vulnerability allows a local authenticated unprivileged attacker to obtain potentially sensitive information.

The vulnerability exists in Cisco Elastic Services Controller due to improper protection of sensitive log files. A local attacker can log in to an affected system and read unprotected log files, which include system credentials.

Successful exploitation of the vulnerability may result in further attacks.
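
The check below is an added example, not code from this advisory or from Cisco: it audits a log directory for files that any local user can read and flags lines that look like credentials. The directory passed in, the credential patterns and the 0o640 target mode are assumptions, because the advisory does not name the affected log paths.

```python
import os
import re
import stat

# Assumed credential-like patterns; tune them to the log formats actually in use.
CRED_RE = re.compile(r"(?i)(password|passwd|secret|token|api[_-]?key)\s*[=:]\s*\S+")


def audit_log_dir(root):
    """Return sorted findings for regular files under root readable by any local user.

    Each finding is (path, octal_mode, line_numbers_with_credential_like_text).
    Limitation: parent directory permissions are not evaluated, so a file inside
    a directory that "other" cannot traverse is still reported.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and devices
            if not st.st_mode & stat.S_IROTH:
                continue  # "other" has no read bit: not exposed to every local user
            try:
                with open(path, "r", errors="replace") as fh:
                    hits = [n for n, line in enumerate(fh, 1) if CRED_RE.search(line)]
            except OSError:
                hits = None  # the auditing account itself could not read the file
            findings.append((path, oct(st.st_mode & 0o777), hits))
    return sorted(findings)


def tighten(path, mode=0o640):
    """Drop world access on one log file (owner read/write, group read by default)."""
    os.chmod(path, mode)
```

Files that are reported with a non-empty line list are the priority: restrict their mode and rotate any credential that was written to them.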


How to mitigate CVE-2017-6786

Install the update from the vendor's website.
