Sign-up

ID

VAR-201706-0565


CVE

CVE-2017-6686


TITLE

Cisco Ultra Services Framework Element Manager Admin in or oper Vulnerability logged in as a user

Trust: 0.8

sources: JVNDB: JVNDB-2017-004814

DESCRIPTION

A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76699. Known Affected Releases: 21.0.0. CiscoUltraServicesFramework is an intelligent online service payment platform from Cisco. ElementManager is one of the software used to manage server switches. A security vulnerability exists in CiscoUltraServicesFrameworkElementManager. An attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCvc76699

Trust: 2.52

sources: NVD: CVE-2017-6686 // JVNDB: JVNDB-2017-004814 // CNVD: CNVD-2017-11859 // BID: 98988 // VULHUB: VHN-114889

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-11859

AFFECTED PRODUCTS

vendor:ciscomodel:ultra services framework element managerscope:eqversion:21.0.0

Trust: 1.6

vendor:ciscomodel:ultra services framework element managerscope: - version: -

Trust: 0.8

vendor:ciscomodel:ultra services framework element manager nonescope: - version: -

Trust: 0.6

vendor:ciscomodel:ultra services frameworkscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2017-11859 // BID: 98988 // JVNDB: JVNDB-2017-004814 // CNNVD: CNNVD-201706-436 // NVD: CVE-2017-6686

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6686
value: HIGH

Trust: 1.0

NVD: CVE-2017-6686
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-11859
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201706-436
value: HIGH

Trust: 0.6

VULHUB: VHN-114889
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6686
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-11859
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-114889
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6686
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-11859 // VULHUB: VHN-114889 // JVNDB: JVNDB-2017-004814 // CNNVD: CNNVD-201706-436 // NVD: CVE-2017-6686

PROBLEMTYPE DATA

problemtype:CWE-1188

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-114889 // JVNDB: JVNDB-2017-004814 // NVD: CVE-2017-6686

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-436

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201706-436

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-004814

PATCH
title:cisco-sa-20170607-usf4url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf4
Trust: 0.8
title:CiscoUltraServicesFrameworkElementManager default credential security bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/96709
Trust: 0.6
title:Cisco Ultra Services Framework Element Manager Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70882
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-11859 // 
            
            
            
            JVNDB: JVNDB-2017-004814 // 
            
            
            
            CNNVD: CNNVD-201706-436

EXTERNAL IDS
db:NVDid:CVE-2017-6686
Trust: 3.4
db:BIDid:98988
Trust: 2.6
db:JVNDBid:JVNDB-2017-004814
Trust: 0.8
db:CNNVDid:CNNVD-201706-436
Trust: 0.7
db:CNVDid:CNVD-2017-11859
Trust: 0.6
db:VULHUBid:VHN-114889
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-11859 // 
            
            
            
            VULHUB: VHN-114889 // 
            
            
            
            BID: 98988 // 
            
            
            
            JVNDB: JVNDB-2017-004814 // 
            
            
            
            CNNVD: CNNVD-201706-436 // 
            
            
            
            NVD: CVE-2017-6686

REFERENCES
url:http://www.securityfocus.com/bid/98988
Trust: 2.3
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-usf4
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6686
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6686
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-11859 // 
            
            
            
            VULHUB: VHN-114889 // 
            
            
            
            BID: 98988 // 
            
            
            
            JVNDB: JVNDB-2017-004814 // 
            
            
            
            CNNVD: CNNVD-201706-436 // 
            
            
            
            NVD: CVE-2017-6686

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 98988 // 
            
            
            
            CNNVD: CNNVD-201706-436

SOURCES
db:CNVDid:CNVD-2017-11859
db:VULHUBid:VHN-114889
db:BIDid:98988
db:JVNDBid:JVNDB-2017-004814
db:CNNVDid:CNNVD-201706-436
db:NVDid:CVE-2017-6686

LAST UPDATE DATE
2025-04-20T23:25:00.927000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-11859date:2017-06-28T00:00:00
db:VULHUBid:VHN-114889date:2019-10-03T00:00:00
db:BIDid:98988date:2017-06-07T00:00:00
db:JVNDBid:JVNDB-2017-004814date:2017-07-07T00:00:00
db:CNNVDid:CNNVD-201706-436date:2019-10-23T00:00:00
db:NVDid:CVE-2017-6686date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-11859date:2017-06-28T00:00:00
db:VULHUBid:VHN-114889date:2017-06-13T00:00:00
db:BIDid:98988date:2017-06-07T00:00:00
db:JVNDBid:JVNDB-2017-004814date:2017-07-07T00:00:00
db:CNNVDid:CNNVD-201706-436date:2017-06-14T00:00:00
db:NVDid:CVE-2017-6686date:2017-06-13T06:29:01.410