Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2017-12315
HistoryNov 16, 2017 - 7:29 a.m.

CVE-2017-12315

2017-11-1607:29:00
CWE-200
cisco
web.nvd.nist.gov
35
2
cve-2017-12315
system logging
vulnerability
cisco hyperflex
replication
information security
cisco bug ids
nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0

Percentile

5.1%

JSON

A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. The attacker would have to be authenticated as an administrative user to conduct this attack. The vulnerability is due to lack of proper masking of sensitive information in system log files. An attacker could exploit this vulnerability by authenticating to the targeted device and viewing the system log file. An exploit could allow the attacker to view sensitive system information that should have been restricted. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvg31472.

Affected configurations

Nvd
Node
ciscohyperflex_hx_data_platformMatch2.6\(1a\)
VendorProductVersionCPE
ciscohyperflex_hx_data_platform2.6(1a)cpe:2.3:o:cisco:hyperflex_hx_data_platform:2.6\(1a\):*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco HyperFlex System",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco HyperFlex System"
      }
    ]
  }
]

Social References

More

Related

cvelist 1
prion 1
nvd 1
cisco 1
cvelist
cvelist
CVE-2017-12315
2017-11-16 07:00:00
prion
prion
Design/Logic Flaw
2017-11-16 07:29:00
nvd
nvd
CVE-2017-12315
2017-11-16 07:29:00
cisco
cisco
Cisco HyperFlex System Authenticated Information Disclosure Vulnerability
2017-11-15 16:00:00

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0

Percentile

5.1%

JSON
Related for CVE-2017-12315
cvelist1prion1nvd1cisco1