Sign-up

ID

VAR-201706-0566


CVE

CVE-2017-6687


TITLE

Cisco Ultra Services Framework Element Manager Vulnerable to logging into the system using default credentials

Trust: 0.8

sources: JVNDB: JVNDB-2017-004815

DESCRIPTION

A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system, aka an Insecure Default Password Vulnerability. More Information: CSCvc76695. Known Affected Releases: 21.0.0. CiscoUltraServicesFramework is an intelligent online service payment platform from Cisco. ElementManager is one of the software used to manage server switches. A security vulnerability exists in CiscoUltraServicesFrameworkElementManager. A remote attacker could exploit the vulnerability to log in to an affected device. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvc76695

Trust: 2.52

sources: NVD: CVE-2017-6687 // JVNDB: JVNDB-2017-004815 // CNVD: CNVD-2017-11860 // BID: 98981 // VULHUB: VHN-114890

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-11860

AFFECTED PRODUCTS

vendor:ciscomodel:ultra services framework element managerscope:eqversion:21.0.0

Trust: 1.6

vendor:ciscomodel:ultra services framework element managerscope: - version: -

Trust: 1.4

vendor:ciscomodel:ultra services framework element managerscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2017-11860 // BID: 98981 // JVNDB: JVNDB-2017-004815 // CNNVD: CNNVD-201706-441 // NVD: CVE-2017-6687

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6687
value: HIGH

Trust: 1.0

NVD: CVE-2017-6687
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-11860
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201706-441
value: HIGH

Trust: 0.6

VULHUB: VHN-114890
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6687
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-11860
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-114890
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6687
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-11860 // VULHUB: VHN-114890 // JVNDB: JVNDB-2017-004815 // CNNVD: CNNVD-201706-441 // NVD: CVE-2017-6687

PROBLEMTYPE DATA

problemtype:CWE-1188

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-114890 // JVNDB: JVNDB-2017-004815 // NVD: CVE-2017-6687

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-441

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201706-441

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-004815

PATCH
title:cisco-sa-20170607-usf5url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf5
Trust: 0.8
title:CiscoUltraServicesFrameworkElementManager Unsafe Default Password Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/96710
Trust: 0.6
title:Cisco Ultra Services Framework Element Manager Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70886
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-11860 // 
            
            
            
            JVNDB: JVNDB-2017-004815 // 
            
            
            
            CNNVD: CNNVD-201706-441

EXTERNAL IDS
db:NVDid:CVE-2017-6687
Trust: 3.4
db:BIDid:98981
Trust: 2.6
db:JVNDBid:JVNDB-2017-004815
Trust: 0.8
db:CNNVDid:CNNVD-201706-441
Trust: 0.7
db:CNVDid:CNVD-2017-11860
Trust: 0.6
db:VULHUBid:VHN-114890
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-11860 // 
            
            
            
            VULHUB: VHN-114890 // 
            
            
            
            BID: 98981 // 
            
            
            
            JVNDB: JVNDB-2017-004815 // 
            
            
            
            CNNVD: CNNVD-201706-441 // 
            
            
            
            NVD: CVE-2017-6687

REFERENCES
url:http://www.securityfocus.com/bid/98981
Trust: 2.3
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-usf5
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6687
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6687
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-11860 // 
            
            
            
            VULHUB: VHN-114890 // 
            
            
            
            BID: 98981 // 
            
            
            
            JVNDB: JVNDB-2017-004815 // 
            
            
            
            CNNVD: CNNVD-201706-441 // 
            
            
            
            NVD: CVE-2017-6687

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 98981 // 
            
            
            
            CNNVD: CNNVD-201706-441

SOURCES
db:CNVDid:CNVD-2017-11860
db:VULHUBid:VHN-114890
db:BIDid:98981
db:JVNDBid:JVNDB-2017-004815
db:CNNVDid:CNNVD-201706-441
db:NVDid:CVE-2017-6687

LAST UPDATE DATE
2025-04-20T23:43:03.724000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-11860date:2018-03-06T00:00:00
db:VULHUBid:VHN-114890date:2019-10-03T00:00:00
db:BIDid:98981date:2017-06-07T00:00:00
db:JVNDBid:JVNDB-2017-004815date:2017-07-07T00:00:00
db:CNNVDid:CNNVD-201706-441date:2019-10-23T00:00:00
db:NVDid:CVE-2017-6687date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-11860date:2017-06-28T00:00:00
db:VULHUBid:VHN-114890date:2017-06-13T00:00:00
db:BIDid:98981date:2017-06-07T00:00:00
db:JVNDBid:JVNDB-2017-004815date:2017-07-07T00:00:00
db:CNNVDid:CNNVD-201706-441date:2017-06-14T00:00:00
db:NVDid:CVE-2017-6687date:2017-06-13T06:29:01.440