Vulnerability Details : CVE-2017-6694
A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. More Information: CSCvd29355. Known Affected Releases: 21.0.v0.65839.
Products affected by CVE-2017-6694
- cpe:2.3:a:cisco:ultra_services_platform:21.0.v0.65839:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-6694
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-6694
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2017-6694
-
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-6694
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usp1
Cisco Ultra Services Platform Plaintext Credential Logging Information Disclosure VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/98972
Cisco Ultra Services Platform CVE-2017-6694 Local Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
Jump to