SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Cisco IOS Vendors:   Cisco
Cisco IOS XE IPsec Verbose Debug Logging Error Lets Local Users Obtain Potentially Sensitive Information on the Target System
SecurityTracker Alert ID:  1039628
SecurityTracker URL:  http://securitytracker.com/id/1039628
CVE Reference:   CVE-2017-12289   (Links to External Site)
Date:  Oct 18 2017
Impact:   Disclosure of system information, Disclosure of user information
Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Cisco IOS XE. A local user can obtain potentially sensitive information.

A local user with administrative privileges can enable the conditional, verbose debug logging feature for IPsec and then view the log file to obtain potentially sensitive IPsec configuration information on the target system.

The vendor has assigned bug ID CSCvf12081 to this vulnerability.

Impact:   A local user with administrative privileges can obtain potentially sensitive IPsec configuration information on the target system.
Solution:   No solution was available at the time of this entry.

[Editor's note: The vendor's bug report has not been publicly released. A fix may be available.]

The vendor advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe1

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe1 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents

Subject:  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe1

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC