ID

VAR-201708-1333


CVE

CVE-2017-6777


TITLE

Cisco Elastic Services Controller Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-007079

DESCRIPTION

A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system information. The vulnerability is due to insufficient protection of sensitive files on the system. An attacker could exploit this vulnerability by logging into the ConfD server and executing certain commands. An exploit could allow an unprivileged user to view configuration parameters that can be maliciously used. Cisco Bug IDs: CSCvd76409. Known Affected Releases: 2.3, 2.3(2). The vendor has confirmed this vulnerability and released it as Bug ID CSCvd76409. Information may be obtained. Successful exploits will allow attackers to gain access to the sensitive information. This may result in further attacks. ConfD server is one of the configuration management servers

Trust: 2.07

sources: NVD: CVE-2017-6777 // JVNDB: JVNDB-2017-007079 // BID: 100390 // VULHUB: VHN-114980 // VULMON: CVE-2017-6777

AFFECTED PRODUCTS

vendor: cisco, model: elastic services controller, scope: eq, version: 2.3\(2\)

Trust: 1.6

vendor: cisco, model: elastic services controller, scope: eq, version: 2.3

Trust: 1.6

vendor: cisco, model: elastic services controller, scope: -, version: -

Trust: 0.8

vendor: cisco, model: virtual managed services, scope: eq, version: 2.3(2)

Trust: 0.3

vendor: cisco, model: virtual managed services, scope: eq, version: 2.3

Trust: 0.3

vendor: cisco, model: elastic services controllers, scope: eq, version: 0

Trust: 0.3

sources: BID: 100390 // JVNDB: JVNDB-2017-007079 // CNNVD: CNNVD-201708-791 // NVD: CVE-2017-6777

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6777
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6777
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201708-791
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114980
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-6777
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6777
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-114980
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6777
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114980 // VULMON: CVE-2017-6777 // JVNDB: JVNDB-2017-007079 // CNNVD: CNNVD-201708-791 // NVD: CVE-2017-6777

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-114980 // JVNDB: JVNDB-2017-007079 // NVD: CVE-2017-6777

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-791

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201708-791

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007079

PATCH

title: cisco-sa-20170816-esc3, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc3

Trust: 0.8

title: Cisco Elastic Services Controller ConfD Repair measures for server information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74108

Trust: 0.6

title: Cisco: Cisco Elastic Services Controller Configuration Parameters Information Disclosure Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20170816-esc3

Trust: 0.1

sources: VULMON: CVE-2017-6777 // JVNDB: JVNDB-2017-007079 // CNNVD: CNNVD-201708-791

EXTERNAL IDS

db: NVD, id: CVE-2017-6777

Trust: 2.9

db: BID, id: 100390

Trust: 1.5

db: JVNDB, id: JVNDB-2017-007079

Trust: 0.8

db: CNNVD, id: CNNVD-201708-791

Trust: 0.7

db: NSFOCUS, id: 37458

Trust: 0.6

db: VULHUB, id: VHN-114980

Trust: 0.1

db: VULMON, id: CVE-2017-6777

Trust: 0.1

sources: VULHUB: VHN-114980 // VULMON: CVE-2017-6777 // BID: 100390 // JVNDB: JVNDB-2017-007079 // CNNVD: CNNVD-201708-791 // NVD: CVE-2017-6777

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170816-esc3

Trust: 2.2

url:http://www.securityfocus.com/bid/100390

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6777

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6777

Trust: 0.8

url:http://www.nsfocus.net/vulndb/37458

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-114980 // VULMON: CVE-2017-6777 // BID: 100390 // JVNDB: JVNDB-2017-007079 // CNNVD: CNNVD-201708-791 // NVD: CVE-2017-6777

CREDITS

Cisco

Trust: 0.3

sources: BID: 100390

SOURCES

db: VULHUB, id: VHN-114980
db: VULMON, id: CVE-2017-6777
db: BID, id: 100390
db: JVNDB, id: JVNDB-2017-007079
db: CNNVD, id: CNNVD-201708-791
db: NVD, id: CVE-2017-6777

LAST UPDATE DATE

2025-04-20T23:42:10.300000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114980, date: 2017-08-22T00:00:00
db: VULMON, id: CVE-2017-6777, date: 2017-08-22T00:00:00
db: BID, id: 100390, date: 2017-08-16T00:00:00
db: JVNDB, id: JVNDB-2017-007079, date: 2017-09-11T00:00:00
db: CNNVD, id: CNNVD-201708-791, date: 2017-08-18T00:00:00
db: NVD, id: CVE-2017-6777, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114980, date: 2017-08-17T00:00:00
db: VULMON, id: CVE-2017-6777, date: 2017-08-17T00:00:00
db: BID, id: 100390, date: 2017-08-16T00:00:00
db: JVNDB, id: JVNDB-2017-007079, date: 2017-09-11T00:00:00
db: CNNVD, id: CNNVD-201708-791, date: 2017-08-18T00:00:00
db: NVD, id: CVE-2017-6777, date: 2017-08-17T20:29:00.650