How severe is CVE-2017-12289?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2017-12289?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2017-12289

MEDIUM Year: 2017

CVSS v3 Score

4.4

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-200

View all →

Vulnerability Description

A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. The vulnerability is due to incorrect implementation of IPsec conditional, verbose debug logging that causes sensitive information to be written to the log file. This information should be restricted. An attacker who has valid administrative credentials could exploit this vulnerability by authenticating to the device and enabling conditional, verbose debug logging for IPsec and viewing the log file. An exploit could allow the attacker to access sensitive information related to the IPsec configuration. Cisco Bug IDs: CSCvf12081.

CVE-2015-7418

MEDIUM

CVSS:4.4(Medium)

IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator priv...

CWE-2002015

CVE-2015-7462

MEDIUM

CVSS:4.4(Medium)

IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertc...

CWE-2002015

CVE-2016-1242

MEDIUM

CVSS:4.4(Medium)

file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files...

CWE-2002016

CVE-2016-7091

MEDIUM

CVSS:4.4(Medium)

sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosu...

CWE-2002016

CVE-2016-7397

MEDIUM

CVSS:4.4(Medium)

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in th...

CWE-2002016

CVE-2016-7442

MEDIUM

CVSS:4.4(Medium)

CWE-2002016

CVE-2017-12289

Vulnerability Description

Related Vulnerabilities

CVE-2015-7418

CVE-2015-7462

CVE-2016-1242

CVE-2016-7091

CVE-2016-7397

CVE-2016-7442