Sign-up

ID

VAR-201706-0575


CVE

CVE-2017-6696


TITLE

Cisco Elastic Services Controller Vulnerability in a file system that gains access to user credentials

Trust: 0.8

sources: JVNDB: JVNDB-2017-004808

DESCRIPTION

A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected system. More Information: CSCvd73677. Known Affected Releases: 2.3(2). An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCvd73677

Trust: 1.98

sources: NVD: CVE-2017-6696 // JVNDB: JVNDB-2017-004808 // BID: 98952 // VULHUB: VHN-114899

AFFECTED PRODUCTS

vendor:ciscomodel:elastic services controllerscope:eqversion:2.3\(2\)

Trust: 1.6

vendor:ciscomodel:elastic services controllerscope:eqversion:2.3(2)

Trust: 0.8

vendor:ciscomodel:virtual managed servicesscope:eqversion:2.3(2)

Trust: 0.3

vendor:ciscomodel:elastic services controllersscope:eqversion:0

Trust: 0.3

sources: BID: 98952 // JVNDB: JVNDB-2017-004808 // CNNVD: CNNVD-201706-361 // NVD: CVE-2017-6696

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6696
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6696
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201706-361
value: LOW

Trust: 0.6

VULHUB: VHN-114899
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-6696
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114899
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6696
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114899 // JVNDB: JVNDB-2017-004808 // CNNVD: CNNVD-201706-361 // NVD: CVE-2017-6696

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-114899 // JVNDB: JVNDB-2017-004808 // NVD: CVE-2017-6696

THREAT TYPE

local

Trust: 0.9

sources: BID: 98952 // CNNVD: CNNVD-201706-361

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201706-361

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-004808

PATCH
title:cisco-sa-20170607-esc8url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc8
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-004808

EXTERNAL IDS
db:NVDid:CVE-2017-6696
Trust: 2.8
db:BIDid:98952
Trust: 2.0
db:JVNDBid:JVNDB-2017-004808
Trust: 0.8
db:CNNVDid:CNNVD-201706-361
Trust: 0.7
db:NSFOCUSid:36820
Trust: 0.6
db:VULHUBid:VHN-114899
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114899 // 
            
            
            
            BID: 98952 // 
            
            
            
            JVNDB: JVNDB-2017-004808 // 
            
            
            
            CNNVD: CNNVD-201706-361 // 
            
            
            
            NVD: CVE-2017-6696

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-esc8
Trust: 2.0
url:http://www.securityfocus.com/bid/98952
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6696
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6696
Trust: 0.8
url:http://www.nsfocus.net/vulndb/36820
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114899 // 
            
            
            
            BID: 98952 // 
            
            
            
            JVNDB: JVNDB-2017-004808 // 
            
            
            
            CNNVD: CNNVD-201706-361 // 
            
            
            
            NVD: CVE-2017-6696

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 98952 // 
            
            
            
            CNNVD: CNNVD-201706-361

SOURCES
db:VULHUBid:VHN-114899
db:BIDid:98952
db:JVNDBid:JVNDB-2017-004808
db:CNNVDid:CNNVD-201706-361
db:NVDid:CVE-2017-6696

LAST UPDATE DATE
2025-04-20T23:42:12.647000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114899date:2017-06-20T00:00:00
db:BIDid:98952date:2017-06-07T00:00:00
db:JVNDBid:JVNDB-2017-004808date:2017-07-07T00:00:00
db:CNNVDid:CNNVD-201706-361date:2017-07-14T00:00:00
db:NVDid:CVE-2017-6696date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-114899date:2017-06-13T00:00:00
db:BIDid:98952date:2017-06-07T00:00:00
db:JVNDBid:JVNDB-2017-004808date:2017-07-07T00:00:00
db:CNNVDid:CNNVD-201706-361date:2017-06-07T00:00:00
db:NVDid:CVE-2017-6696date:2017-06-13T06:29:01.723