Access bypass in Cisco Ultra Services Framework - CVE-2017-6685
Published: June 8, 2017 / Updated: June 9, 2017
Vulnerability identifier: #VU6978
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6685
CWE-ID: CWE-798
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Ultra Services Framework
Cisco Ultra Services Framework
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to gain access to the target system.
The weakness exists in the Cisco Ultra Services Framework Staging Server due to use of weak, hard-coded credentials of the admin account by the affected device. A remote attacker with access to the management network can use default credentials to log in as an admin user of the affected device.
Successful exploitation of the vulnerability may result in full control over the system.
The weakness exists in the Cisco Ultra Services Framework Staging Server due to use of weak, hard-coded credentials of the admin account by the affected device. A remote attacker with access to the management network can use default credentials to log in as an admin user of the affected device.
Successful exploitation of the vulnerability may result in full control over the system.
How to mitigate CVE-2017-6685
Install update from vendor's website.