ID

VAR-201706-0563


CVE

CVE-2017-6684


TITLE

Cisco Elastic Services Controller vulnerability that allows logging in to affected systems as the Linux admin user

Trust: 0.8

sources: JVNDB: JVNDB-2017-004847

DESCRIPTION

A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76651. Known Affected Releases: 21.0.0. An attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCvc76651.

Trust: 1.98

sources: NVD: CVE-2017-6684 // JVNDB: JVNDB-2017-004847 // BID: 98979 // VULHUB: VHN-114887

AFFECTED PRODUCTS

vendor: cisco, model: elastic services controller, scope: eq, version: 21.0.0

Trust: 1.6

vendor: cisco, model: elastic services controller, scope: -, version: -

Trust: 0.8

vendor: cisco, model: elastic services controllers, scope: eq, version: 0

Trust: 0.3

sources: BID: 98979 // JVNDB: JVNDB-2017-004847 // CNNVD: CNNVD-201706-367 // NVD: CVE-2017-6684

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6684
value: HIGH

Trust: 1.0

NVD: CVE-2017-6684
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201706-367
value: HIGH

Trust: 0.6

VULHUB: VHN-114887
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-6684
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114887
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6684
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114887 // JVNDB: JVNDB-2017-004847 // CNNVD: CNNVD-201706-367 // NVD: CVE-2017-6684

PROBLEMTYPE DATA

problemtype: CWE-1188

Trust: 1.0

problemtype: CWE-255

Trust: 0.9

sources: VULHUB: VHN-114887 // JVNDB: JVNDB-2017-004847 // NVD: CVE-2017-6684

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-367

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201706-367

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004847

PATCH

title: cisco-sa-20170607-esc3, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc3

Trust: 0.8

title: Cisco Elastic Services Controller Repair measures for trust management vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71481

Trust: 0.6

sources: JVNDB: JVNDB-2017-004847 // CNNVD: CNNVD-201706-367

EXTERNAL IDS

db: NVD, id: CVE-2017-6684

Trust: 2.8

db: BID, id: 98979

Trust: 2.0

db: JVNDB, id: JVNDB-2017-004847

Trust: 0.8

db: CNNVD, id: CNNVD-201706-367

Trust: 0.7

db: VULHUB, id: VHN-114887

Trust: 0.1

sources: VULHUB: VHN-114887 // BID: 98979 // JVNDB: JVNDB-2017-004847 // CNNVD: CNNVD-201706-367 // NVD: CVE-2017-6684

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-esc3

Trust: 2.0

url:http://www.securityfocus.com/bid/98979

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6684

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6684

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114887 // BID: 98979 // JVNDB: JVNDB-2017-004847 // CNNVD: CNNVD-201706-367 // NVD: CVE-2017-6684

CREDITS

Cisco

Trust: 0.9

sources: BID: 98979 // CNNVD: CNNVD-201706-367

SOURCES

db: VULHUB, id: VHN-114887
db: BID, id: 98979
db: JVNDB, id: JVNDB-2017-004847
db: CNNVD, id: CNNVD-201706-367
db: NVD, id: CVE-2017-6684

LAST UPDATE DATE

2025-04-20T23:04:56.245000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114887, date: 2019-10-03T00:00:00
db: BID, id: 98979, date: 2017-06-07T00:00:00
db: JVNDB, id: JVNDB-2017-004847, date: 2017-07-10T00:00:00
db: CNNVD, id: CNNVD-201706-367, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-6684, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114887, date: 2017-06-13T00:00:00
db: BID, id: 98979, date: 2017-06-07T00:00:00
db: JVNDB, id: JVNDB-2017-004847, date: 2017-07-10T00:00:00
db: CNNVD, id: CNNVD-201706-367, date: 2017-06-07T00:00:00
db: NVD, id: CVE-2017-6684, date: 2017-06-13T06:29:01.330