Sign-up

ID

VAR-201711-0316


CVE

CVE-2017-12315


TITLE

Cisco HyperFlex System system logging information disclosure vulnerability

Trust: 1.2

sources: CNVD: CNVD-2017-34916 // CNNVD: CNNVD-201711-667

DESCRIPTION

A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. The attacker would have to be authenticated as an administrative user to conduct this attack. The vulnerability is due to lack of proper masking of sensitive information in system log files. An attacker could exploit this vulnerability by authenticating to the targeted device and viewing the system log file. An exploit could allow the attacker to view sensitive system information that should have been restricted. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvg31472. Cisco HyperFlex System Contains an information disclosure vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvg31472 It is released as.Information may be obtained. Cisco HyperFlexSystem is a data platform device from Cisco. Systemlogging is one of the system loggers

Trust: 2.52

sources: NVD: CVE-2017-12315 // JVNDB: JVNDB-2017-010479 // CNVD: CNVD-2017-34916 // BID: 101864 // VULHUB: VHN-102825

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-34916

AFFECTED PRODUCTS

vendor:ciscomodel:hyperflex hx data platformscope:eqversion:2.6\(1a\)

Trust: 1.6

vendor:ciscomodel:hyperflexscope:eqversion:system

Trust: 0.8

vendor:ciscomodel:hyperflex systemscope: - version: -

Trust: 0.6

vendor:ciscomodel:hyperflex systemscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:hyperflex hx-series 2.6scope: - version: -

Trust: 0.3

sources: CNVD: CNVD-2017-34916 // BID: 101864 // JVNDB: JVNDB-2017-010479 // CNNVD: CNNVD-201711-667 // NVD: CVE-2017-12315

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12315
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12315
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-34916
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201711-667
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102825
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-12315
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-34916
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-102825
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12315
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.5
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-34916 // VULHUB: VHN-102825 // JVNDB: JVNDB-2017-010479 // CNNVD: CNNVD-201711-667 // NVD: CVE-2017-12315

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-102825 // JVNDB: JVNDB-2017-010479 // NVD: CVE-2017-12315

THREAT TYPE

local

Trust: 0.9

sources: BID: 101864 // CNNVD: CNNVD-201711-667

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201711-667

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010479

PATCH
title:cisco-sa-20171115-hyperflexurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-hyperflex
Trust: 0.8
title:Patch for CiscoHyperFlexSystemsystemlogging Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/106624
Trust: 0.6
title:Cisco HyperFlex System system logging Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76495
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-34916 // 
            
            
            
            JVNDB: JVNDB-2017-010479 // 
            
            
            
            CNNVD: CNNVD-201711-667

EXTERNAL IDS
db:NVDid:CVE-2017-12315
Trust: 3.4
db:BIDid:101864
Trust: 2.6
db:JVNDBid:JVNDB-2017-010479
Trust: 0.8
db:CNNVDid:CNNVD-201711-667
Trust: 0.7
db:CNVDid:CNVD-2017-34916
Trust: 0.6
db:VULHUBid:VHN-102825
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-34916 // 
            
            
            
            VULHUB: VHN-102825 // 
            
            
            
            BID: 101864 // 
            
            
            
            JVNDB: JVNDB-2017-010479 // 
            
            
            
            CNNVD: CNNVD-201711-667 // 
            
            
            
            NVD: CVE-2017-12315

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171115-hyperflex
Trust: 2.6
url:http://www.securityfocus.com/bid/101864
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12315
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12315
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-34916 // 
            
            
            
            VULHUB: VHN-102825 // 
            
            
            
            BID: 101864 // 
            
            
            
            JVNDB: JVNDB-2017-010479 // 
            
            
            
            CNNVD: CNNVD-201711-667 // 
            
            
            
            NVD: CVE-2017-12315

CREDITS
Cisco.
Trust: 0.3
sources:
            
            
            BID: 101864

SOURCES
db:CNVDid:CNVD-2017-34916
db:VULHUBid:VHN-102825
db:BIDid:101864
db:JVNDBid:JVNDB-2017-010479
db:CNNVDid:CNNVD-201711-667
db:NVDid:CVE-2017-12315

LAST UPDATE DATE
2025-04-20T23:19:44.981000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-34916date:2017-11-22T00:00:00
db:VULHUBid:VHN-102825date:2019-10-09T00:00:00
db:BIDid:101864date:2017-12-19T22:00:00
db:JVNDBid:JVNDB-2017-010479date:2017-12-15T00:00:00
db:CNNVDid:CNNVD-201711-667date:2019-10-17T00:00:00
db:NVDid:CVE-2017-12315date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-34916date:2017-11-22T00:00:00
db:VULHUBid:VHN-102825date:2017-11-16T00:00:00
db:BIDid:101864date:2017-11-15T00:00:00
db:JVNDBid:JVNDB-2017-010479date:2017-12-15T00:00:00
db:CNNVDid:CNNVD-201711-667date:2017-11-20T00:00:00
db:NVDid:CVE-2017-12315date:2017-11-16T07:29:00.743