CVE-2017-12315

CWE-200 — Information Exposure4 documents4 sources

Severity

6.0MEDIUM

EPSS

0.1%

top 79.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Hyperflex HX Data Platform

Timeline

PublishedNov 16

Latest updateMay 13

Description

A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. The attacker would have to be authenticated as an administrative user to conduct this attack. The vulnerability is due to lack of proper masking of sensitive information in system log files. An attacker could exploit this vulnerability by authenticating to the targeted d…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NExploitability: 1.5 | Impact: 4.0

Affected Packages2 packages

▶CVEListV5cisco_hyperflex_systemCisco HyperFlex System

▶NVDcisco/hyperflex_hx_data_platform2.6\(1a\)

🔴Vulnerability Details

GHSA

GHSA-wgm8-4c2w-8672: A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to↗2022-05-13

▶

CVEList

CVE-2017-12315: A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to↗2017-11-16

▶

📋Vendor Advisories

Cisco

Cisco HyperFlex System Authenticated Information Disclosure Vulnerability↗2017-11-16

▶