CVE-2018-0106
LOWCisco Elastic Services Controller - Unauthenticated Sensitive Information Exposure via ConfD Directory Access
Title source: llmDescription
A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. The vulnerability is due to insufficient security restrictions. An attacker could exploit this vulnerability by accessing unauthorized information within the ConfD directory and file structure. Successful exploitation could allow the attacker to view sensitive information. Cisco Bug IDs: CSCvg00221.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-esc
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/102757
Scores
CVSS v3
3.3
EPSS
0.0030
EPSS Percentile
21.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-552
CWE-200
Status
published
Products (1)
cisco/elastic_services_controller
Published
Jan 18, 2018
Tracked Since
Feb 18, 2026