Details of VAR-201708-1334

ID

VAR-201708-1334

CVE

CVE-2017-6778

TITLE

Cisco Ultra Services Platform Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-007252

DESCRIPTION

A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. An exploit could allow the attacker to view information regarding the Ultra Services Platform deployment. Cisco Bug IDs: CSCvd76406. Known Affected Releases: 21.0.v0.65839. Vendors have confirmed this vulnerability Bug ID CSCvd76406 It is released as.Information may be obtained. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Elastic Services Controller (ESC) is one of the open source modular systems

Trust: 1.98

sources: NVD: CVE-2017-6778 // JVNDB: JVNDB-2017-007252 // BID: 100380 // VULHUB: VHN-114981

AFFECTED PRODUCTS

vendor:	cisco	model:	ultra services platform	scope:	eq	version:	21.0.v0.65839	Trust: 1.6
vendor:	cisco	model:	ultra services platform	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ultra services platform	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ultra automation services	scope:	eq	version:	21.0.v0.65839	Trust: 0.3

sources: BID: 100380 // JVNDB: JVNDB-2017-007252 // CNNVD: CNNVD-201708-792 // NVD: CVE-2017-6778

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6778
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-6778
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201708-792
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-114981
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6778
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-114981
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6778
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-114981 // JVNDB: JVNDB-2017-007252 // CNNVD: CNNVD-201708-792 // NVD: CVE-2017-6778

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-114981 // JVNDB: JVNDB-2017-007252 // NVD: CVE-2017-6778

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-792

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201708-792

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007252

PATCH

title:	cisco-sa-20170816-usp	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-usp	Trust: 0.8
title:	Cisco Ultra Services Platform Elastic Services Controller Web Repair measures for interface information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74109	Trust: 0.6

sources: JVNDB: JVNDB-2017-007252 // CNNVD: CNNVD-201708-792

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6778	Trust: 2.8
db:	BID	id:	100380	Trust: 1.4
db:	JVNDB	id:	JVNDB-2017-007252	Trust: 0.8
db:	CNNVD	id:	CNNVD-201708-792	Trust: 0.7
db:	NSFOCUS	id:	37442	Trust: 0.6
db:	VULHUB	id:	VHN-114981	Trust: 0.1

sources: VULHUB: VHN-114981 // BID: 100380 // JVNDB: JVNDB-2017-007252 // CNNVD: CNNVD-201708-792 // NVD: CVE-2017-6778

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170816-usp	Trust: 2.0
url:	http://www.securityfocus.com/bid/100380	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6778	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6778	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/37442	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-114981 // BID: 100380 // JVNDB: JVNDB-2017-007252 // CNNVD: CNNVD-201708-792 // NVD: CVE-2017-6778

CREDITS

Cisco

Trust: 0.3

sources: BID: 100380

SOURCES

db:	VULHUB	id:	VHN-114981
db:	BID	id:	100380
db:	JVNDB	id:	JVNDB-2017-007252
db:	CNNVD	id:	CNNVD-201708-792
db:	NVD	id:	CVE-2017-6778

LAST UPDATE DATE

2025-04-20T23:04:25.128000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-114981	date:	2017-08-25T00:00:00
db:	BID	id:	100380	date:	2017-08-16T00:00:00
db:	JVNDB	id:	JVNDB-2017-007252	date:	2017-09-14T00:00:00
db:	CNNVD	id:	CNNVD-201708-792	date:	2017-08-18T00:00:00
db:	NVD	id:	CVE-2017-6778	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-114981	date:	2017-08-17T00:00:00
db:	BID	id:	100380	date:	2017-08-16T00:00:00
db:	JVNDB	id:	JVNDB-2017-007252	date:	2017-09-14T00:00:00
db:	CNNVD	id:	CNNVD-201708-792	date:	2017-08-18T00:00:00
db:	NVD	id:	CVE-2017-6778	date:	2017-08-17T20:29:00.683