Sign-up

ID

VAR-201706-0570


CVE

CVE-2017-6691


TITLE

Cisco Elastic Services Controller of ConfD CLI Vulnerability in accessing critical information

Trust: 0.8

sources: JVNDB: JVNDB-2017-004806

DESCRIPTION

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd29403. Known Affected Releases: 2.3(2). Successful exploits will allow attackers to obtain sensitive information. This may result in further attacks. This issue is tracked by Cisco Bug ID CSCvd29403. ConfD CLI is one of these modules

Trust: 1.98

sources: NVD: CVE-2017-6691 // JVNDB: JVNDB-2017-004806 // BID: 98948 // VULHUB: VHN-114894

AFFECTED PRODUCTS

vendor:ciscomodel:elastic services controllerscope:eqversion:2.3\(2\)

Trust: 1.6

vendor:ciscomodel:elastic services controllerscope:eqversion:2.3(2)

Trust: 0.8

vendor:ciscomodel:virtual managed servicesscope:eqversion:2.3(2)

Trust: 0.3

vendor:ciscomodel:elastic services controllersscope:eqversion:0

Trust: 0.3

sources: BID: 98948 // JVNDB: JVNDB-2017-004806 // CNNVD: CNNVD-201706-364 // NVD: CVE-2017-6691

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6691
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6691
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201706-364
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114894
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6691
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114894
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6691
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114894 // JVNDB: JVNDB-2017-004806 // CNNVD: CNNVD-201706-364 // NVD: CVE-2017-6691

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-114894 // JVNDB: JVNDB-2017-004806 // NVD: CVE-2017-6691

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-364

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201706-364

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-004806

PATCH
title:cisco-sa-20170607-esc6url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc6
Trust: 0.8
title:Cisco Elastic Services Controller ConfD CLI Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71480
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-004806 // 
            
            
            
            CNNVD: CNNVD-201706-364

EXTERNAL IDS
db:NVDid:CVE-2017-6691
Trust: 2.8
db:BIDid:98948
Trust: 2.0
db:JVNDBid:JVNDB-2017-004806
Trust: 0.8
db:CNNVDid:CNNVD-201706-364
Trust: 0.7
db:NSFOCUSid:36822
Trust: 0.6
db:VULHUBid:VHN-114894
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114894 // 
            
            
            
            BID: 98948 // 
            
            
            
            JVNDB: JVNDB-2017-004806 // 
            
            
            
            CNNVD: CNNVD-201706-364 // 
            
            
            
            NVD: CVE-2017-6691

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-esc6
Trust: 2.0
url:http://www.securityfocus.com/bid/98948
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6691
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6691
Trust: 0.8
url:http://www.nsfocus.net/vulndb/36822
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114894 // 
            
            
            
            BID: 98948 // 
            
            
            
            JVNDB: JVNDB-2017-004806 // 
            
            
            
            CNNVD: CNNVD-201706-364 // 
            
            
            
            NVD: CVE-2017-6691

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 98948 // 
            
            
            
            CNNVD: CNNVD-201706-364

SOURCES
db:VULHUBid:VHN-114894
db:BIDid:98948
db:JVNDBid:JVNDB-2017-004806
db:CNNVDid:CNNVD-201706-364
db:NVDid:CVE-2017-6691

LAST UPDATE DATE
2025-04-20T23:29:40.821000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114894date:2017-06-20T00:00:00
db:BIDid:98948date:2017-06-07T00:00:00
db:JVNDBid:JVNDB-2017-004806date:2017-07-07T00:00:00
db:CNNVDid:CNNVD-201706-364date:2017-07-14T00:00:00
db:NVDid:CVE-2017-6691date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-114894date:2017-06-13T00:00:00
db:BIDid:98948date:2017-06-07T00:00:00
db:JVNDBid:JVNDB-2017-004806date:2017-07-07T00:00:00
db:CNNVDid:CNNVD-201706-364date:2017-06-07T00:00:00
db:NVDid:CVE-2017-6691date:2017-06-13T06:29:01.567