CVE-2017-6693

CWE-862Missing AuthorizationCWE-2644 documents4 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 82.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Elastic Services Controller
Timeline
PublishedJun 13
Latest updateMay 13

Description

A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system, aka Unauthorized Directory Access. More Information: CSCvd76286. Known Affected Releases: 2.2(9.76) 2.3(1).

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco_elastic_services_controllerCisco Elastic Services Controller
NVDcisco/elastic_services_controller2.2\(9.76\), 2.3\(1\)+1

🔴Vulnerability Details

2
GHSA
GHSA-3xx3-2m5h-mj67: A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information2022-05-13
CVEList
CVE-2017-6693: A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information2017-06-13

📋Vendor Advisories

1
Cisco
Cisco Elastic Services Controller Unauthorized Directory Access Vulnerability2017-06-07
CVE-2017-6693 (MEDIUM CVSS 5.5) | A vulnerability in the ConfD server | cvebase.io