CVE-2017-6778

{"id": "CVE-2017-6778", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2017-08-17T20:29:00.683", "references": [{"url": "http://www.securityfocus.com/bid/100380", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-usp", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. An exploit could allow the attacker to view information regarding the Ultra Services Platform deployment. Cisco Bug IDs: CSCvd76406. Known Affected Releases: 21.0.v0.65839."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz web Elastic Services Controller (ESC) de Cisco Ultra Platform podr\u00eda permitir que un atacante remoto autenticado consiga informaci\u00f3n sensible. La vulnerabilidad se debe a la transmisi\u00f3n de informaci\u00f3n sensible como parte de una petici\u00f3n GET. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una petici\u00f3n GET a un dispositivo afectado. Un exploit podr\u00eda permitir que el atacante vea informaci\u00f3n relacionada con la implementaci\u00f3n de Ultra Services Platform. Cisco Bug IDs: CSCvd76406. Versiones afectadas conocidas: 21.0.v0.65839."}], "lastModified": "2017-08-25T10:55:07.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:ultra_services_platform:21.0.v0.65839:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C9B44D1-0621-4CB4-AD87-E40072F8E855"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}