cnvd - cnvd-2017-17198

CNVD-2017-17198

Vulnerability from cnvd - Published: 2017-07-28

Title

Cisco Ultra Services Platform信息泄露漏洞

Description

Cisco Ultra Services Platform是美国思科（Cisco）公司的一个智能在线服务交付平台。 Cisco Ultra Services Platform 21.0.v0.65839版本中的Virtual Network Manager's(VNFM) logging函数存在信息泄露漏洞，该漏洞源于程序未能充分的保护敏感数据。本地攻击者可利用该漏洞查看受影响系统上的敏感数据。

Severity

低

Patch Name

Cisco Ultra Services Platform信息泄露漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usp1

Reference

http://www.securityfocus.com/bid/98972

Impacted products

Name
Cisco Ultra Services Platform 21.0.v0.65839

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "98972"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6694",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6694"
    }
  },
  "description": "Cisco Ultra Services Platform\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u667a\u80fd\u5728\u7ebf\u670d\u52a1\u4ea4\u4ed8\u5e73\u53f0\u3002\r\n\r\nCisco Ultra Services Platform 21.0.v0.65839\u7248\u672c\u4e2d\u7684Virtual Network Manager\u0027s(VNFM) logging\u51fd\u6570\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u4fdd\u62a4\u654f\u611f\u6570\u636e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u67e5\u770b\u53d7\u5f71\u54cd\u7cfb\u7edf\u4e0a\u7684\u654f\u611f\u6570\u636e\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usp1",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-17198",
  "openTime": "2017-07-28",
  "patchDescription": "Cisco Ultra Services Platform\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u667a\u80fd\u5728\u7ebf\u670d\u52a1\u4ea4\u4ed8\u5e73\u53f0\u3002\r\n\r\nCisco Ultra Services Platform 21.0.v0.65839\u7248\u672c\u4e2d\u7684Virtual Network Manager\u0027s(VNFM) logging\u51fd\u6570\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u4fdd\u62a4\u654f\u611f\u6570\u636e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u67e5\u770b\u53d7\u5f71\u54cd\u7cfb\u7edf\u4e0a\u7684\u654f\u611f\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Ultra Services Platform\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Ultra Services Platform 21.0.v0.65839"
  },
  "referenceLink": "http://www.securityfocus.com/bid/98972",
  "serverity": "\u4f4e",
  "submitTime": "2017-07-27",
  "title": "Cisco Ultra Services Platform\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2017-6694 (GCVE-0-2017-6694)

Vulnerability from cvelistv5 – Published: 2017-06-13 06:00 – Updated: 2024-08-05 15:41

Summary

A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. More Information: CSCvd29355. Known Affected Releases: 21.0.v0.65839.

Severity ?

No CVSS data available.

CWE

Information Disclosure Vulnerability

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/98972	vdb-entryx_refsource_BID
	https://tools.cisco.com/security/center/content/C…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Cisco Ultra Services Platform	Affected: Cisco Ultra Services Platform

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:16.111Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "98972",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98972"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usp1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Ultra Services Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Ultra Services Platform"
            }
          ]
        }
      ],
      "datePublic": "2017-06-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Virtual Network Function Manager\u0027s (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. More Information: CSCvd29355. Known Affected Releases: 21.0.v0.65839."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-13T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "98972",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98972"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usp1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6694",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Ultra Services Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Ultra Services Platform"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Virtual Network Function Manager\u0027s (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. More Information: CSCvd29355. Known Affected Releases: 21.0.v0.65839."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "98972",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98972"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usp1",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usp1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6694",
    "datePublished": "2017-06-13T06:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-08-05T15:41:16.111Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-17198

CVE-2017-6694 (GCVE-0-2017-6694)

Tags

Sightings

Nomenclature