Sign-up

ID

VAR-201706-0567


CVE

CVE-2017-6688


TITLE

Cisco Elastic Services Controller In Linux root Vulnerability logged in as a user

Trust: 0.8

sources: JVNDB: JVNDB-2017-004804

DESCRIPTION

A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerability. More Information: CSCvc76631. Known Affected Releases: 2.2(9.76). An attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCvc76631

Trust: 1.98

sources: NVD: CVE-2017-6688 // JVNDB: JVNDB-2017-004804 // BID: 98973 // VULHUB: VHN-114891

AFFECTED PRODUCTS

vendor:ciscomodel:elastic services controllerscope:eqversion:2.2\(9.76\)

Trust: 1.6

vendor:ciscomodel:elastic services controllerscope:eqversion:2.2(9.76)

Trust: 0.8

vendor:ciscomodel:virtual managed servicesscope:eqversion:2.2(9.76)

Trust: 0.3

vendor:ciscomodel:elastic services controllersscope:eqversion:0

Trust: 0.3

sources: BID: 98973 // JVNDB: JVNDB-2017-004804 // CNNVD: CNNVD-201706-355 // NVD: CVE-2017-6688

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6688
value: HIGH

Trust: 1.0

NVD: CVE-2017-6688
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201706-355
value: HIGH

Trust: 0.6

VULHUB: VHN-114891
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-6688
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114891
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6688
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114891 // JVNDB: JVNDB-2017-004804 // CNNVD: CNNVD-201706-355 // NVD: CVE-2017-6688

PROBLEMTYPE DATA

problemtype:CWE-1188

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-114891 // JVNDB: JVNDB-2017-004804 // NVD: CVE-2017-6688

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-355

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201706-355

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-004804

PATCH
title:cisco-sa-20170607-esc4url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc4
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-004804

EXTERNAL IDS
db:NVDid:CVE-2017-6688
Trust: 2.8
db:BIDid:98973
Trust: 2.0
db:JVNDBid:JVNDB-2017-004804
Trust: 0.8
db:CNNVDid:CNNVD-201706-355
Trust: 0.7
db:VULHUBid:VHN-114891
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114891 // 
            
            
            
            BID: 98973 // 
            
            
            
            JVNDB: JVNDB-2017-004804 // 
            
            
            
            CNNVD: CNNVD-201706-355 // 
            
            
            
            NVD: CVE-2017-6688

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-esc4
Trust: 2.0
url:http://www.securityfocus.com/bid/98973
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6688
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6688
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114891 // 
            
            
            
            BID: 98973 // 
            
            
            
            JVNDB: JVNDB-2017-004804 // 
            
            
            
            CNNVD: CNNVD-201706-355 // 
            
            
            
            NVD: CVE-2017-6688

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 98973 // 
            
            
            
            CNNVD: CNNVD-201706-355

SOURCES
db:VULHUBid:VHN-114891
db:BIDid:98973
db:JVNDBid:JVNDB-2017-004804
db:CNNVDid:CNNVD-201706-355
db:NVDid:CVE-2017-6688

LAST UPDATE DATE
2025-04-20T23:25:00.897000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114891date:2019-10-03T00:00:00
db:BIDid:98973date:2017-06-09T13:02:00
db:JVNDBid:JVNDB-2017-004804date:2017-07-07T00:00:00
db:CNNVDid:CNNVD-201706-355date:2019-10-23T00:00:00
db:NVDid:CVE-2017-6688date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-114891date:2017-06-13T00:00:00
db:BIDid:98973date:2017-06-07T00:00:00
db:JVNDBid:JVNDB-2017-004804date:2017-07-07T00:00:00
db:CNNVDid:CNNVD-201706-355date:2017-06-07T00:00:00
db:NVDid:CVE-2017-6688date:2017-06-13T06:29:01.473