CVE-2017-6786
Last modified
CVE-2017-6786 is a vulnerability of currently unknown severity. A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affected system. The vulnerability is due to improper protection of sensitive log files. EPSS estimates a 0.30% chance of exploitation in the next 30 days.
Description
A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affected system. The vulnerability is due to improper protection of sensitive log files. An attacker could exploit this vulnerability by logging in to an affected system and accessing unprotected log files. A successful exploit could allow the attacker to access sensitive log files, which may include system credentials, on the affected system. Cisco Bug IDs: CSCvc76616. Known Affected Releases: 2.2(9.76).
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Elastic Services Controller | 2.2\(9.76\) |
References
- http://www.securityfocus.com/bid/100391Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/100391Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-6786?
How severe is CVE-2017-6786?
How do I fix CVE-2017-6786?
Are you affected by CVE-2017-6786?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST