Access bypass in Cisco Ultra Services Framework - CVE-2017-6686
Published: June 8, 2017 / Updated: June 9, 2017
Vulnerability identifier: #VU6977
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6686
CWE-ID: CWE-798
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Ultra Services Framework
Cisco Ultra Services Framework
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to gain access to the target system.
The weakness exists in the Cisco Ultra Services Framework Element Manager due to use of weak, hard-coded credentials of the admin and oper accounts by the affected device. A remote attacker with access to the management network can use default credentials to log in as an admin or oper accounts of the affected device.
Successful exploitation of the vulnerability may result in full control over the system.
The weakness exists in the Cisco Ultra Services Framework Element Manager due to use of weak, hard-coded credentials of the admin and oper accounts by the affected device. A remote attacker with access to the management network can use default credentials to log in as an admin or oper accounts of the affected device.
Successful exploitation of the vulnerability may result in full control over the system.
How to mitigate CVE-2017-6686
Install update from vendor's website.