Privilege escalation in Cisco Ultra Services Framework - CVE-2017-6692
Published: June 8, 2017 / Updated: June 9, 2017
Vulnerability identifier: #VU6974
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6692
CWE-ID: CWE-255
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Ultra Services Framework
Cisco Ultra Services Framework
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The weakness exists in the Cisco Ultra Services Framework Element Manager due to use of default and static password by user account. A remote attacker can use default credentials to log in to account and gain root privileges.
Successful exploitation of the vulnerability may result in full control over the affected operation system.
The weakness exists in the Cisco Ultra Services Framework Element Manager due to use of default and static password by user account. A remote attacker can use default credentials to log in to account and gain root privileges.
Successful exploitation of the vulnerability may result in full control over the affected operation system.
How to mitigate CVE-2017-6692
Install update from vendor's website.