CVE-2018-0106
Description
A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. The vulnerability is due to insufficient security restrictions. An attacker could exploit this vulnerability by accessing unauthorized information within the ConfD directory and file structure. Successful exploitation could allow the attacker to view sensitive information. Cisco Bug IDs: CSCvg00221.
Risk Information
Base Score
3.3
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.068
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco Elastic Services Controller Information Disclosure Vulnerability For Cisco Elastic Services Controller | NCM |
| Files or Directories Accessible to External Parties Vulnerability (CVE-2018-0106) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1700559 | Security Update for Cisco Elastic Services Controller 5.3(0.102) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234