A vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device.

The attacker must have valid credentials for the device.

The vulnerability occurs because sensitive information is not obscured in the generated configuration files.

An attacker could exploit this vulnerability by authenticating to the application and using the network management interface to generate configuration files.

An exploit could allow the attacker to reveal sensitive information in the device configuration.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cpo
A vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device.

The attacker must have valid credentials for the device.

The vulnerability occurs because sensitive information is not obscured in the generated configuration files.

An attacker could exploit this vulnerability by authenticating to the application and using the network management interface to generate configuration files.

An exploit could allow the attacker to reveal sensitive information in the device configuration.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cpo

Security Impact Rating: Medium

CVE: CVE-2017-3871

Leave a Reply