Sign-up

ID

VAR-201706-0573


CVE

CVE-2017-6694


TITLE

Cisco Ultra Services Platform of VNFM Important data in your login function Vulnerability viewed

Trust: 0.8

sources: JVNDB: JVNDB-2017-004817

DESCRIPTION

A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. More Information: CSCvd29355. Known Affected Releases: 21.0.v0.65839. Vendors have confirmed this vulnerability Bug ID CSCvd29355 It is released as.Critical data by local attackers ( Plain text authentication information ) May be viewed. Cisco Ultra Services Platform is prone to local information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCvd29355

Trust: 1.98

sources: NVD: CVE-2017-6694 // JVNDB: JVNDB-2017-004817 // BID: 98972 // VULHUB: VHN-114897

AFFECTED PRODUCTS

vendor:ciscomodel:ultra services platformscope:eqversion:21.0.v0.65839

Trust: 1.6

vendor:ciscomodel:ultra services platformscope: - version: -

Trust: 0.8

vendor:ciscomodel:ultra services platformscope:eqversion:0

Trust: 0.3

sources: BID: 98972 // JVNDB: JVNDB-2017-004817 // CNNVD: CNNVD-201706-371 // NVD: CVE-2017-6694

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6694
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6694
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201706-371
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114897
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-6694
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114897
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6694
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114897 // JVNDB: JVNDB-2017-004817 // CNNVD: CNNVD-201706-371 // NVD: CVE-2017-6694

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-114897 // JVNDB: JVNDB-2017-004817 // NVD: CVE-2017-6694

THREAT TYPE

local

Trust: 0.9

sources: BID: 98972 // CNNVD: CNNVD-201706-371

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201706-371

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-004817

PATCH
title:cisco-sa-20170607-usp1url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usp1
Trust: 0.8
title:Cisco Ultra Services Platform Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71485
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-004817 // 
            
            
            
            CNNVD: CNNVD-201706-371

EXTERNAL IDS
db:NVDid:CVE-2017-6694
Trust: 2.8
db:BIDid:98972
Trust: 2.0
db:JVNDBid:JVNDB-2017-004817
Trust: 0.8
db:CNNVDid:CNNVD-201706-371
Trust: 0.7
db:VULHUBid:VHN-114897
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114897 // 
            
            
            
            BID: 98972 // 
            
            
            
            JVNDB: JVNDB-2017-004817 // 
            
            
            
            CNNVD: CNNVD-201706-371 // 
            
            
            
            NVD: CVE-2017-6694

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-usp1
Trust: 2.0
url:http://www.securityfocus.com/bid/98972
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6694
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6694
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114897 // 
            
            
            
            BID: 98972 // 
            
            
            
            JVNDB: JVNDB-2017-004817 // 
            
            
            
            CNNVD: CNNVD-201706-371 // 
            
            
            
            NVD: CVE-2017-6694

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 98972 // 
            
            
            
            CNNVD: CNNVD-201706-371

SOURCES
db:VULHUBid:VHN-114897
db:BIDid:98972
db:JVNDBid:JVNDB-2017-004817
db:CNNVDid:CNNVD-201706-371
db:NVDid:CVE-2017-6694

LAST UPDATE DATE
2025-04-20T23:34:21.370000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114897date:2019-10-03T00:00:00
db:BIDid:98972date:2017-06-07T00:00:00
db:JVNDBid:JVNDB-2017-004817date:2017-07-07T00:00:00
db:CNNVDid:CNNVD-201706-371date:2019-10-23T00:00:00
db:NVDid:CVE-2017-6694date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-114897date:2017-06-13T00:00:00
db:BIDid:98972date:2017-06-07T00:00:00
db:JVNDBid:JVNDB-2017-004817date:2017-07-07T00:00:00
db:CNNVDid:CNNVD-201706-371date:2017-06-07T00:00:00
db:NVDid:CVE-2017-6694date:2017-06-13T06:29:01.660