CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
5.1%
A vulnerability in the debug logging function of Cisco Networking Services (CNS) used for configuring Cisco IOS networking devices could allow an authenticated, local attacker to disclose sensitive data.
The vulnerability is due to insufficient protections of sensitive data at rest. An attacker could exploit this vulnerability by accessing a specific file and reading the sensitive information.
Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151120-ns[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151120-ns”]