CVE-2017-6685 - A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remot

CVE-2017-6685

Summary

A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76681. Known Affected Releases: 21.0.0.

References

http://www.securityfocus.com/bid/98990
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf3

Vulnerable Configurations

cpe:2.3:a:cisco:ultra_services_framework_staging_server:21.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:ultra_services_framework_staging_server:21.0.0:*:*:*:*:*:*:*

CVSS

Base:	6.5 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

CWE-1188

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:P/A:P

refmap via4

bid	98990
confirm	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf3

Last major update

03-10-2019 - 00:03

Published

13-06-2017 - 06:29

Last modified

03-10-2019 - 00:03