CVE-2017-6696

CWE-200 — Information Exposure4 documents4 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 79.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Elastic Services Controller

Timeline

PublishedJun 13

Latest updateMay 17

Description

A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected system. More Information: CSCvd73677. Known Affected Releases: 2.3(2).

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco_elastic_services_controllerCisco Elastic Services Controller

▶NVDcisco/elastic_services_controller2.3\(2\)

🔴Vulnerability Details

GHSA

GHSA-2vwh-gpg3-5pm3: A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user↗2022-05-17

▶

CVEList

CVE-2017-6696: A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user↗2017-06-13

▶

📋Vendor Advisories

Cisco

Cisco Elastic Services Controller User Credentials Information Disclosure Vulnerability↗2017-06-07

▶