漏洞标题
N/A
漏洞描述信息
在Cisco HyperFlex System中进行复制配置时,系统日志中的漏洞可能导致已验证的本地攻击者查看应该被限制的系统日志文件中的敏感信息。攻击者需要进行 administrative 用户的认证来进行此攻击。该漏洞是由于系统日志文件中敏感信息未能正确掩藏。攻击者可以通过对目标设备进行认证并查看系统日志文件来利用此漏洞。利用此漏洞可以使攻击者查看应该被限制的敏感系统信息。攻击者可以利用这些信息进行进一步的侦察攻击。Cisco bug ID: CSCvg31472。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. The attacker would have to be authenticated as an administrative user to conduct this attack. The vulnerability is due to lack of proper masking of sensitive information in system log files. An attacker could exploit this vulnerability by authenticating to the targeted device and viewing the system log file. An exploit could allow the attacker to view sensitive system information that should have been restricted. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvg31472.
CVSS信息
N/A
漏洞类别
信息暴露
漏洞标题
Cisco HyperFlex System system logging 信息泄露漏洞
漏洞描述信息
Cisco HyperFlex System是美国思科(Cisco)公司的一款数据平台设备。system logging是其中的一个系统日志记录器。 Cisco HyperFlex System中的system logging存在信息泄露漏洞,该漏洞源于程序没有正确的掩盖系统日志文件的敏感信息。已认证的本地攻击者可利用该漏洞查看敏感信息。
CVSS信息
N/A
漏洞类别
信息泄露