CVE-2017-6786

CWE-200Information ExposureCWE-362Race Condition6 documents6 sources
Severity
6.3MEDIUM
EPSS
0.1%
top 79.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Systems, Inc. Elastic Services ControllerCisco Elastic Services Controller
Timeline
PublishedAug 17
Latest updateMay 17

Description

A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affected system. The vulnerability is due to improper protection of sensitive log files. An attacker could exploit this vulnerability by logging in to an affected system and accessing unprotected log files. A successful exploit could allow the attacker to access sensitive log files, which may include syst

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:LExploitability: 2.0 | Impact: 3.7

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-rg82-c3xg-wvrf: A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, inclu2022-05-17
CVEList
CVE-2017-6786: A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, inclu2017-08-17

📋Vendor Advisories

2
Cisco
Cisco Elastic Services Controller Sensitive Log Information Disclosure Vulnerability2017-08-16
Red Hat
kernel: Race condition between multiple sys_perf_event_open() calls2017-01-14

💬Community

1
Bugzilla
CVE-2017-6001 kernel: Race condition between multiple sys_perf_event_open() calls2017-02-16
CVE-2017-6786 (MEDIUM CVSS 6.3) | A vulnerability in Cisco Elastic Se | cvebase.io