CVE-2017-12289

{"id": "CVE-2017-12289", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2017-10-19T08:29:00.593", "references": [{"url": "http://www.securityfocus.com/bid/101509", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1039628", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe1", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. The vulnerability is due to incorrect implementation of IPsec conditional, verbose debug logging that causes sensitive information to be written to the log file. This information should be restricted. An attacker who has valid administrative credentials could exploit this vulnerability by authenticating to the device and enabling conditional, verbose debug logging for IPsec and viewing the log file. An exploit could allow the attacker to access sensitive information related to the IPsec configuration. Cisco Bug IDs: CSCvf12081."}, {"lang": "es", "value": "Una vulnerabilidad en el registro de depuraci\u00f3n detallado, condicional para la funcionalidad IPsec del software Cisco IOS XE podr\u00eda permitir que un atacante local autenticado muestre informaci\u00f3n sensible de IPsec en el archivo de registro del sistema La vulnerabilidad se debe a la incorrecta implementaci\u00f3n del registro de depuraci\u00f3n detallado, condicional que da lugar a que se escriba informaci\u00f3n sensible en el archivo de registro. Esta informaci\u00f3n deber\u00eda estar restringida. Un atacante que tenga credenciales de administrador v\u00e1lidas podr\u00eda explotar esta vulnerabilidad autentic\u00e1ndose en el dispositivo y habilitando el registro de depuraci\u00f3n detallado, condicional para IPsec y visualizando el archivo de registro. Un exploit podr\u00eda permitir que el atacante acceda a informaci\u00f3n sensible relacionada con la configuraci\u00f3n de IPsec. Cisco Bug IDs: CSCvf12081"}], "lastModified": "2019-10-09T23:22:51.043", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEA741AC-86FB-42C8-AA2E-D984CB975710", "versionEndIncluding": "16.7.1"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}