CVE-2017-12315 - OpenCVE

A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. The attacker would have to be authenticated as an administrative user to conduct this attack. The vulnerability is due to lack of proper masking of sensitive information in system log files. An attacker could exploit this vulnerability by authenticating to the targeted device and viewing the system log file. An exploit could allow the attacker to view sensitive system information that should have been restricted. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvg31472.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Hyperflex Hx Data Platform

Configuration 1 [-]

cpe:2.3:o:cisco:hyperflex_hx_data_platform:2.6\(1a\):*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/101864
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-hyperflex

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2017-11-16T07:00:00

Updated: 2024-08-05T18:36:55.849Z

Reserved: 2017-08-03T00:00:00

Link: CVE-2017-12315

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-11-16T07:29:00.743

Modified: 2019-10-09T23:22:56.183

Link: CVE-2017-12315

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco HyperFlex System", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco HyperFlex System"}]}], "datePublic": "2017-11-16T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. The attacker would have to be authenticated as an administrative user to conduct this attack. The vulnerability is due to lack of proper masking of sensitive information in system log files. An attacker could exploit this vulnerability by authenticating to the targeted device and viewing the system log file. An exploit could allow the attacker to view sensitive system information that should have been restricted. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvg31472."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-11-17T10:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "101864", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101864"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-hyperflex"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-12315", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco HyperFlex System", "version": {"version_data": [{"version_value": "Cisco HyperFlex System"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. The attacker would have to be authenticated as an administrative user to conduct this attack. The vulnerability is due to lack of proper masking of sensitive information in system log files. An attacker could exploit this vulnerability by authenticating to the targeted device and viewing the system log file. An exploit could allow the attacker to view sensitive system information that should have been restricted. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvg31472."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200"}]}]}, "references": {"reference_data": [{"name": "101864", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101864"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-hyperflex", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-hyperflex"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:36:55.849Z"}, "title": "CVE Program Container", "references": [{"name": "101864", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101864"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-hyperflex"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-12315", "datePublished": "2017-11-16T07:00:00", "dateReserved": "2017-08-03T00:00:00", "dateUpdated": "2024-08-05T18:36:55.849Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:2.6\\(1a\\):*:*:*:*:*:*:*", "matchCriteriaId": "0D56AD98-9D0D-4ECA-8766-4F19A33F954D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. The attacker would have to be authenticated as an administrative user to conduct this attack. The vulnerability is due to lack of proper masking of sensitive information in system log files. An attacker could exploit this vulnerability by authenticating to the targeted device and viewing the system log file. An exploit could allow the attacker to view sensitive system information that should have been restricted. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvg31472."}, {"lang": "es", "value": "Una vulnerabilidad en el inicio de sesi\u00f3n del sistema cuando se est\u00e1 configurando la replicaci\u00f3n en Cisco HyperFlex System podr\u00eda permitir que un atacante local autenticado vea informaci\u00f3n sensible que deber\u00eda estar restringida en los archivos de registro del sistema. El atacante tendr\u00eda que estar autenticado como usuario administrativo para llevar a cabo este ataque. La vulnerabilidad se debe a la falta de enmascaramiento de informaci\u00f3n sensible en archivos de registro del sistema. Un atacante podr\u00eda explotar esta vulnerabilidad autentic\u00e1ndose en el dispositivo objetivo y viendo el archivo de registro del sistema. Un exploit podr\u00eda permitir que el atacante vea informaci\u00f3n sensible del sistema que deber\u00eda estar restringida. El atacante podr\u00eda utilizar esta informaci\u00f3n para llevar a cabo ataques de reconocimiento adicionales. Cisco Bug IDs: CSCvg31472."}], "id": "CVE-2017-12315", "lastModified": "2019-10-09T23:22:56.183", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-16T07:29:00.743", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101864"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-hyperflex"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}