CVE-2017-6693

MEDIUM

Cisco Elastic Services Controller - Authenticated Unauthorized Directory Access via ConfD Server

Title source: llm
STIX 2.1

Description

A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system, aka Unauthorized Directory Access. More Information: CSCvd76286. Known Affected Releases: 2.2(9.76) 2.3(1).

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98985

Scores

CVSS v3 5.5
EPSS 0.0027
EPSS Percentile 19.3%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-862
Status published
Products (3)
cisco/elastic_services_controller 2.2\(9.76\)
cisco/elastic_services_controller 2.3\(1\)
n/a/Cisco Elastic Services Controller Cisco Elastic Services Controller
Published Jun 13, 2017
Tracked Since Feb 18, 2026