CVE-2017-12289Sensitive Information Exposure in Cisco IOS

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
4.4MEDIUMNVD
EPSS
0.1%
top 76.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedOct 19
Latest updateMay 13

Description

A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. The vulnerability is due to incorrect implementation of IPsec conditional, verbose debug logging that causes sensitive information to be written to the log file. This information should be restricted. An attacker who has valid administrative credentials could exploit this vulnerability by a

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages1 packages

NVDcisco/ios16.7.1

🔴Vulnerability Details

2
GHSA
GHSA-j654-8cc6-25gc: A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to d2022-05-13
CVEList
CVE-2017-12289: A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to d2017-10-19

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Verbose Debug Logging Information Disclosure Vulnerability2017-10-18
CVE-2017-12289 — Sensitive Information Exposure | cvebase