Sign-up

ID

VAR-201708-1328


CVE

CVE-2017-6772


TITLE

Cisco Elastic Services Controller Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-007078

DESCRIPTION

A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by authenticating to the application and navigating to certain configuration files. An exploit could allow the attacker to view sensitive system configuration files. Cisco Bug IDs: CSCvd29408. Known Affected Releases: 2.3(2). Vendors have confirmed this vulnerability Bug ID CSCvd29408 It is released as.Information may be obtained. This may result in further attacks

Trust: 1.98

sources: NVD: CVE-2017-6772 // JVNDB: JVNDB-2017-007078 // BID: 100388 // VULHUB: VHN-114975

AFFECTED PRODUCTS

vendor:ciscomodel:elastic services controllerscope:eqversion:2.3\(2\)

Trust: 1.6

vendor:ciscomodel:elastic services controllerscope: - version: -

Trust: 0.8

vendor:ciscomodel:virtual managed servicesscope:eqversion:2.3(2)

Trust: 0.3

vendor:ciscomodel:elastic services controllersscope:eqversion:0

Trust: 0.3

sources: BID: 100388 // JVNDB: JVNDB-2017-007078 // CNNVD: CNNVD-201708-786 // NVD: CVE-2017-6772

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6772
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6772
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201708-786
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114975
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6772
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114975
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6772
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114975 // JVNDB: JVNDB-2017-007078 // CNNVD: CNNVD-201708-786 // NVD: CVE-2017-6772

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-114975 // JVNDB: JVNDB-2017-007078 // NVD: CVE-2017-6772

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-786

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201708-786

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-007078

PATCH
title:cisco-sa-20170816-esc1url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc1
Trust: 0.8
title:Cisco Elastic Services Controller Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74103
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-007078 // 
            
            
            
            CNNVD: CNNVD-201708-786

EXTERNAL IDS
db:NVDid:CVE-2017-6772
Trust: 2.8
db:BIDid:100388
Trust: 1.4
db:JVNDBid:JVNDB-2017-007078
Trust: 0.8
db:CNNVDid:CNNVD-201708-786
Trust: 0.7
db:NSFOCUSid:37446
Trust: 0.6
db:VULHUBid:VHN-114975
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114975 // 
            
            
            
            BID: 100388 // 
            
            
            
            JVNDB: JVNDB-2017-007078 // 
            
            
            
            CNNVD: CNNVD-201708-786 // 
            
            
            
            NVD: CVE-2017-6772

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170816-esc1
Trust: 2.0
url:http://www.securityfocus.com/bid/100388
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6772
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6772
Trust: 0.8
url:http://www.nsfocus.net/vulndb/37446
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114975 // 
            
            
            
            BID: 100388 // 
            
            
            
            JVNDB: JVNDB-2017-007078 // 
            
            
            
            CNNVD: CNNVD-201708-786 // 
            
            
            
            NVD: CVE-2017-6772

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 100388

SOURCES
db:VULHUBid:VHN-114975
db:BIDid:100388
db:JVNDBid:JVNDB-2017-007078
db:CNNVDid:CNNVD-201708-786
db:NVDid:CVE-2017-6772

LAST UPDATE DATE
2025-04-20T23:29:34.958000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114975date:2017-08-22T00:00:00
db:BIDid:100388date:2017-08-16T00:00:00
db:JVNDBid:JVNDB-2017-007078date:2017-09-11T00:00:00
db:CNNVDid:CNNVD-201708-786date:2017-08-18T00:00:00
db:NVDid:CVE-2017-6772date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-114975date:2017-08-17T00:00:00
db:BIDid:100388date:2017-08-16T00:00:00
db:JVNDBid:JVNDB-2017-007078date:2017-09-11T00:00:00
db:CNNVDid:CNNVD-201708-786date:2017-08-18T00:00:00
db:NVDid:CVE-2017-6772date:2017-08-17T20:29:00.497