CVE-2018-0106 — Sensitive Information Exposure in Cisco Elastic Services Controller

CWE-200 — Sensitive Information Exposure CWE-552 — Files or Directories Accessible to External Parties4 documents4 sources

Severity

3.3LOWNVD

EPSS

0.1%

top 79.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Elastic Services Controller

Timeline

PublishedJan 18

Latest updateMay 13

Description

A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. The vulnerability is due to insufficient security restrictions. An attacker could exploit this vulnerability by accessing unauthorized information within the ConfD directory and file structure. Successful exploitation could allow the attacker to view sensitive information. Cisco Bug IDs: CSCvg00221.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5cisco/cisco_elastic_services_controllerCisco Elastic Services Controller

🔴Vulnerability Details

GHSA

GHSA-fh64-6hhj-q3pg: A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive↗2022-05-13

▶

CVEList

CVE-2018-0106: A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive↗2018-01-18

▶

📋Vendor Advisories

Cisco

Cisco Elastic Services Controller Information Disclosure Vulnerability↗2018-01-18

▶