CVE-2017-6694

MEDIUM

Cisco Ultra Services Platform - Insufficiently Protected Credentials

Title source: rule

Description

A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. More Information: CSCvd29355. Known Affected Releases: 21.0.v0.65839.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98972

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usp1

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 17.6%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status draft

Affected Products (1)

cisco/ultra_services_platform

Timeline

Published Jun 13, 2017

Tracked Since Feb 18, 2026