ID

VAR-201706-0564


CVE

CVE-2017-6685


TITLE

Cisco Ultra Services Framework Staging Server vulnerability that allows logging in as an admin user on the affected device

Trust: 0.8

sources: JVNDB: JVNDB-2017-004848

DESCRIPTION

A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76681. Known Affected Releases: 21.0.0. An attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCvc76681.

Trust: 1.98

sources: NVD: CVE-2017-6685 // JVNDB: JVNDB-2017-004848 // BID: 98990 // VULHUB: VHN-114888

AFFECTED PRODUCTS

vendor: cisco // model: ultra services framework staging server // scope: eq // version: 21.0.0

Trust: 1.6

vendor: cisco // model: ultra services framework staging server // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ultra services framework staging server // scope: eq // version: 0

Trust: 0.3

sources: BID: 98990 // JVNDB: JVNDB-2017-004848 // CNNVD: CNNVD-201706-443 // NVD: CVE-2017-6685

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-6685
value: HIGH

Trust: 1.0

NVD: CVE-2017-6685
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201706-443
value: HIGH

Trust: 0.6

VULHUB: VHN-114888
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-6685
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114888
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-6685
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114888 // JVNDB: JVNDB-2017-004848 // CNNVD: CNNVD-201706-443 // NVD: CVE-2017-6685

PROBLEMTYPE DATA

problemtype:CWE-1188

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-114888 // JVNDB: JVNDB-2017-004848 // NVD: CVE-2017-6685

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-443

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201706-443

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004848

PATCH

title: cisco-sa-20170607-usf3 // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf3

Trust: 0.8

title: Cisco Ultra Services Framework Staging Server Repair measures for trust management vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=73827

Trust: 0.6

sources: JVNDB: JVNDB-2017-004848 // CNNVD: CNNVD-201706-443

EXTERNAL IDS

db: NVD // id: CVE-2017-6685

Trust: 2.8

db: BID // id: 98990

Trust: 2.0

db: JVNDB // id: JVNDB-2017-004848

Trust: 0.8

db: CNNVD // id: CNNVD-201706-443

Trust: 0.7

db: VULHUB // id: VHN-114888

Trust: 0.1

sources: VULHUB: VHN-114888 // BID: 98990 // JVNDB: JVNDB-2017-004848 // CNNVD: CNNVD-201706-443 // NVD: CVE-2017-6685

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-usf3

Trust: 2.0

url:http://www.securityfocus.com/bid/98990

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6685

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6685

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114888 // BID: 98990 // JVNDB: JVNDB-2017-004848 // CNNVD: CNNVD-201706-443 // NVD: CVE-2017-6685

CREDITS

Cisco

Trust: 0.3

sources: BID: 98990

SOURCES

db: VULHUB // id: VHN-114888
db: BID // id: 98990
db: JVNDB // id: JVNDB-2017-004848
db: CNNVD // id: CNNVD-201706-443
db: NVD // id: CVE-2017-6685

LAST UPDATE DATE

2025-04-20T23:19:56.357000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-114888 // date: 2019-10-03T00:00:00
db: BID // id: 98990 // date: 2017-06-12T00:00:00
db: JVNDB // id: JVNDB-2017-004848 // date: 2017-07-10T00:00:00
db: CNNVD // id: CNNVD-201706-443 // date: 2019-10-23T00:00:00
db: NVD // id: CVE-2017-6685 // date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB // id: VHN-114888 // date: 2017-06-13T00:00:00
db: BID // id: 98990 // date: 2017-06-12T00:00:00
db: JVNDB // id: JVNDB-2017-004848 // date: 2017-07-10T00:00:00
db: CNNVD // id: CNNVD-201706-443 // date: 2017-06-13T00:00:00
db: NVD // id: CVE-2017-6685 // date: 2017-06-13T06:29:01.363