CVE-2017-6786 Information

Description

A vulnerability in Cisco Elastic Services Controller could allow an authenticated local unprivileged attacker to access sensitive information including credentials for system accounts on an affected system. The vulnerability is due to improper protection of sensitive log files. An attacker could exploit this vulnerability by logging in to an affected system and accessing unprotected log files. A successful exploit could allow the attacker to access sensitive log files which may include system credentials on the affected system. Cisco Bug IDs: CSCvc76616. Known Affected Releases: 2.2(9.76).

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Reference

http://www.securityfocus.com/bid/100391 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc4

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

LOW

Base Severity

6.3