Details of VAR-201706-0572

ID

VAR-201706-0572

CVE

CVE-2017-6693

TITLE

Cisco Elastic Services Controller of ConfD Server component vulnerable to access to information stored in file system

Trust: 0.8

sources: JVNDB: JVNDB-2017-004807

DESCRIPTION

A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system, aka Unauthorized Directory Access. More Information: CSCvd76286. Known Affected Releases: 2.2(9.76) 2.3(1). Local attackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvd76286. ConfD server component is a management framework component

Trust: 1.98

sources: NVD: CVE-2017-6693 // JVNDB: JVNDB-2017-004807 // BID: 98985 // VULHUB: VHN-114896

AFFECTED PRODUCTS

vendor:	cisco	model:	elastic services controller	scope:	eq	version:	2.3\(1\)	Trust: 1.6
vendor:	cisco	model:	elastic services controller	scope:	eq	version:	2.2\(9.76\)	Trust: 1.6
vendor:	cisco	model:	elastic services controller	scope:	eq	version:	2.2(9.76)	Trust: 0.8
vendor:	cisco	model:	elastic services controller	scope:	eq	version:	2.3(1)	Trust: 0.8
vendor:	cisco	model:	virtual managed services	scope:	eq	version:	2.3(1)	Trust: 0.3
vendor:	cisco	model:	virtual managed services	scope:	eq	version:	2.2(9.76)	Trust: 0.3
vendor:	cisco	model:	elastic services controllers	scope:	eq	version:	0	Trust: 0.3

sources: BID: 98985 // JVNDB: JVNDB-2017-004807 // CNNVD: CNNVD-201706-438 // NVD: CVE-2017-6693

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6693
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-6693
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201706-438
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-114896
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-6693
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-114896
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6693
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-114896 // JVNDB: JVNDB-2017-004807 // CNNVD: CNNVD-201706-438 // NVD: CVE-2017-6693

PROBLEMTYPE DATA

problemtype:	CWE-862	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-114896 // JVNDB: JVNDB-2017-004807 // NVD: CVE-2017-6693

THREAT TYPE

local

Trust: 0.9

sources: BID: 98985 // CNNVD: CNNVD-201706-438

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201706-438

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004807

PATCH

title:	cisco-sa-20170607-esc7	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc7	Trust: 0.8
title:	Cisco Elastic Services Controller ConfD Repair measures for server component security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70883	Trust: 0.6

sources: JVNDB: JVNDB-2017-004807 // CNNVD: CNNVD-201706-438

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6693	Trust: 2.8
db:	BID	id:	98985	Trust: 2.0
db:	JVNDB	id:	JVNDB-2017-004807	Trust: 0.8
db:	CNNVD	id:	CNNVD-201706-438	Trust: 0.6
db:	VULHUB	id:	VHN-114896	Trust: 0.1

sources: VULHUB: VHN-114896 // BID: 98985 // JVNDB: JVNDB-2017-004807 // CNNVD: CNNVD-201706-438 // NVD: CVE-2017-6693

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-esc7	Trust: 2.0
url:	http://www.securityfocus.com/bid/98985	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6693	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6693	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-114896 // BID: 98985 // JVNDB: JVNDB-2017-004807 // CNNVD: CNNVD-201706-438 // NVD: CVE-2017-6693

CREDITS

Cisco

Trust: 0.9

sources: BID: 98985 // CNNVD: CNNVD-201706-438

SOURCES

db:	VULHUB	id:	VHN-114896
db:	BID	id:	98985
db:	JVNDB	id:	JVNDB-2017-004807
db:	CNNVD	id:	CNNVD-201706-438
db:	NVD	id:	CVE-2017-6693

LAST UPDATE DATE

2025-04-20T23:26:04.539000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-114896	date:	2019-10-03T00:00:00
db:	BID	id:	98985	date:	2017-06-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-004807	date:	2017-07-07T00:00:00
db:	CNNVD	id:	CNNVD-201706-438	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-6693	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-114896	date:	2017-06-13T00:00:00
db:	BID	id:	98985	date:	2017-06-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-004807	date:	2017-07-07T00:00:00
db:	CNNVD	id:	CNNVD-201706-438	date:	2017-06-14T00:00:00
db:	NVD	id:	CVE-2017-6693	date:	2017-06-13T06:29:01.627