Security bypass in Cisco Prime Data Center Network Manager - CVE-2017-6640
Published: June 12, 2017
Vulnerability identifier: #VU7007
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-6640
CWE-ID: CWE-255
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Prime Data Center Network Manager
Cisco Prime Data Center Network Manager
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.
The weakness exists in Cisco Prime Data Center Network Manager (DCNM) Software due to use of default, static password by user account. A remote attacker can connect to an affected system and use the credentials for default user account to log in to the affected software and gain access to the administrative console of a DCNM server.
Successful exploitation of the vulnerability results in full access to the device.
The weakness exists in Cisco Prime Data Center Network Manager (DCNM) Software due to use of default, static password by user account. A remote attacker can connect to an affected system and use the credentials for default user account to log in to the affected software and gain access to the administrative console of a DCNM server.
Successful exploitation of the vulnerability results in full access to the device.
How to mitigate CVE-2017-6640
Update to version 10.2(1).