CVE-2017-6771

HIGH

Cisco Ultra Services Framework - Info Disclosure

Title source: llm
STIX 2.1

Description

A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by browsing to a specific URL of an affected device. An exploit could allow the attacker to view sensitive configuration information about the deployment. Cisco Bug IDs: CSCvd29358. Known Affected Releases: 21.0.v0.65839.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100385

Scores

CVSS v3 7.5
EPSS 0.0171
EPSS Percentile 74.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
cisco/ultra_services_framework 21.0.v0.65839
Cisco Systems, Inc./Ultra Services Framework 21.0.v0.65839
Published Aug 17, 2017
Tracked Since Feb 18, 2026