ID

VAR-201706-0568


CVE

CVE-2017-6689


TITLE

Vulnerability in the ConfD CLI of Cisco Elastic Services Controller allowing login as an administrator

Trust: 0.8

sources: JVNDB: JVNDB-2017-004805

DESCRIPTION

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default Administrator Credentials Vulnerability. More Information: CSCvc76661. Known Affected Releases: 2.2(9.76). An attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCvc76661. ConfD CLI is one of these modules

Trust: 1.98

sources: NVD: CVE-2017-6689 // JVNDB: JVNDB-2017-004805 // BID: 98983 // VULHUB: VHN-114892

AFFECTED PRODUCTS

vendor: cisco, model: elastic services controller, scope: eq, version: 2.2\(9.76\)

Trust: 1.6

vendor: cisco, model: elastic services controller, scope: eq, version: 2.2(9.76)

Trust: 0.8

vendor: cisco, model: virtual managed services, scope: eq, version: 2.2(9.76)

Trust: 0.3

vendor: cisco, model: elastic services controllers, scope: eq, version: 0

Trust: 0.3

sources: BID: 98983 // JVNDB: JVNDB-2017-004805 // CNNVD: CNNVD-201706-439 // NVD: CVE-2017-6689

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-6689
value: HIGH

Trust: 1.0

NVD: CVE-2017-6689
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201706-439
value: HIGH

Trust: 0.6

VULHUB: VHN-114892
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-6689
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114892
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-6689
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114892 // JVNDB: JVNDB-2017-004805 // CNNVD: CNNVD-201706-439 // NVD: CVE-2017-6689

PROBLEMTYPE DATA

problemtype:CWE-1188

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-114892 // JVNDB: JVNDB-2017-004805 // NVD: CVE-2017-6689

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-439

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201706-439

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004805

PATCH

title: cisco-sa-20170607-esc5, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc5

Trust: 0.8

title: Cisco Elastic Services Controller ConfD CLI Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70884

Trust: 0.6

sources: JVNDB: JVNDB-2017-004805 // CNNVD: CNNVD-201706-439

EXTERNAL IDS

db: NVD, id: CVE-2017-6689

Trust: 2.8

db: BID, id: 98983

Trust: 2.0

db: JVNDB, id: JVNDB-2017-004805

Trust: 0.8

db: CNNVD, id: CNNVD-201706-439

Trust: 0.6

db: VULHUB, id: VHN-114892

Trust: 0.1

sources: VULHUB: VHN-114892 // BID: 98983 // JVNDB: JVNDB-2017-004805 // CNNVD: CNNVD-201706-439 // NVD: CVE-2017-6689

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-esc5

Trust: 2.0

url:http://www.securityfocus.com/bid/98983

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6689

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6689

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114892 // BID: 98983 // JVNDB: JVNDB-2017-004805 // CNNVD: CNNVD-201706-439 // NVD: CVE-2017-6689

CREDITS

Cisco

Trust: 0.9

sources: BID: 98983 // CNNVD: CNNVD-201706-439

SOURCES

db: VULHUB, id: VHN-114892
db: BID, id: 98983
db: JVNDB, id: JVNDB-2017-004805
db: CNNVD, id: CNNVD-201706-439
db: NVD, id: CVE-2017-6689

LAST UPDATE DATE

2025-04-20T23:35:49.580000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114892, date: 2019-10-03T00:00:00
db: BID, id: 98983, date: 2017-06-07T00:00:00
db: JVNDB, id: JVNDB-2017-004805, date: 2017-07-07T00:00:00
db: CNNVD, id: CNNVD-201706-439, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-6689, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114892, date: 2017-06-13T00:00:00
db: BID, id: 98983, date: 2017-06-07T00:00:00
db: JVNDB, id: JVNDB-2017-004805, date: 2017-07-07T00:00:00
db: CNNVD, id: CNNVD-201706-439, date: 2017-06-14T00:00:00
db: NVD, id: CVE-2017-6689, date: 2017-06-13T06:29:01.520