Sign-up

ID

VAR-201708-1340


CVE

CVE-2017-6786


TITLE

Cisco Elastic Services Controller Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-007195

DESCRIPTION

A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affected system. The vulnerability is due to improper protection of sensitive log files. An attacker could exploit this vulnerability by logging in to an affected system and accessing unprotected log files. A successful exploit could allow the attacker to access sensitive log files, which may include system credentials, on the affected system. Cisco Bug IDs: CSCvc76616. Known Affected Releases: 2.2(9.76). Vendors have confirmed this vulnerability Bug ID CSCvc76616 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This may result in further attacks

Trust: 1.98

sources: NVD: CVE-2017-6786 // JVNDB: JVNDB-2017-007195 // BID: 100391 // VULHUB: VHN-114989

AFFECTED PRODUCTS

vendor:ciscomodel:elastic services controllerscope:eqversion:2.2\(9.76\)

Trust: 1.6

vendor:ciscomodel:elastic services controllerscope: - version: -

Trust: 0.8

vendor:ciscomodel:virtual managed servicesscope:eqversion:2.2(9.76)

Trust: 0.3

vendor:ciscomodel:elastic services controllersscope:eqversion:0

Trust: 0.3

sources: BID: 100391 // JVNDB: JVNDB-2017-007195 // CNNVD: CNNVD-201708-796 // NVD: CVE-2017-6786

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6786
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6786
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201708-796
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114989
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6786
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114989
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6786
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.0
impactScore: 3.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114989 // JVNDB: JVNDB-2017-007195 // CNNVD: CNNVD-201708-796 // NVD: CVE-2017-6786

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-114989 // JVNDB: JVNDB-2017-007195 // NVD: CVE-2017-6786

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201708-796

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201708-796

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-007195

PATCH
title:cisco-sa-20170816-esc4url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc4
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-007195

EXTERNAL IDS
db:NVDid:CVE-2017-6786
Trust: 2.8
db:BIDid:100391
Trust: 1.4
db:JVNDBid:JVNDB-2017-007195
Trust: 0.8
db:CNNVDid:CNNVD-201708-796
Trust: 0.7
db:NSFOCUSid:37452
Trust: 0.6
db:VULHUBid:VHN-114989
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114989 // 
            
            
            
            BID: 100391 // 
            
            
            
            JVNDB: JVNDB-2017-007195 // 
            
            
            
            CNNVD: CNNVD-201708-796 // 
            
            
            
            NVD: CVE-2017-6786

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170816-esc4
Trust: 2.0
url:http://www.securityfocus.com/bid/100391
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6786
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6786
Trust: 0.8
url:http://www.nsfocus.net/vulndb/37452
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114989 // 
            
            
            
            BID: 100391 // 
            
            
            
            JVNDB: JVNDB-2017-007195 // 
            
            
            
            CNNVD: CNNVD-201708-796 // 
            
            
            
            NVD: CVE-2017-6786

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 100391

SOURCES
db:VULHUBid:VHN-114989
db:BIDid:100391
db:JVNDBid:JVNDB-2017-007195
db:CNNVDid:CNNVD-201708-796
db:NVDid:CVE-2017-6786

LAST UPDATE DATE
2025-04-20T23:40:02.275000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114989date:2017-08-24T00:00:00
db:BIDid:100391date:2017-08-16T00:00:00
db:JVNDBid:JVNDB-2017-007195date:2017-09-13T00:00:00
db:CNNVDid:CNNVD-201708-796date:2017-08-18T00:00:00
db:NVDid:CVE-2017-6786date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-114989date:2017-08-17T00:00:00
db:BIDid:100391date:2017-08-16T00:00:00
db:JVNDBid:JVNDB-2017-007195date:2017-09-13T00:00:00
db:CNNVDid:CNNVD-201708-796date:2017-08-18T00:00:00
db:NVDid:CVE-2017-6786date:2017-08-17T20:29:00.887