Sign-up

ID

VAR-201706-0571


CVE

CVE-2017-6692


TITLE

Cisco Ultra Services Framework Element Manager In root Vulnerability to log into a device with user privileges

Trust: 0.8

sources: JVNDB: JVNDB-2017-004816

DESCRIPTION

A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default Account Information Vulnerability. More Information: CSCvd85710. Known Affected Releases: 21.0.v0.65839. CiscoUltraServicesFramework is an intelligent online service payment platform from Cisco. ElementManager is one of the software used to manage server switches. A security vulnerability exists in CiscoUltraServicesFrameworkElementManager that originated from the default static password used by user accounts. Cisco Ultra Services Framework is prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvd85710

Trust: 2.52

sources: NVD: CVE-2017-6692 // JVNDB: JVNDB-2017-004816 // CNVD: CNVD-2017-11858 // BID: 98980 // VULHUB: VHN-114895

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-11858

AFFECTED PRODUCTS

vendor:ciscomodel:ultra services framework element managerscope:eqversion:21.0.v0.65839

Trust: 1.6

vendor:ciscomodel:ultra services framework element managerscope: - version: -

Trust: 0.8

vendor:ciscomodel:ultra services framework element manager nonescope: - version: -

Trust: 0.6

vendor:ciscomodel:ultra services frameworkscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2017-11858 // BID: 98980 // JVNDB: JVNDB-2017-004816 // CNNVD: CNNVD-201706-442 // NVD: CVE-2017-6692

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6692
value: HIGH

Trust: 1.0

NVD: CVE-2017-6692
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-11858
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201706-442
value: HIGH

Trust: 0.6

VULHUB: VHN-114895
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-6692
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-11858
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-114895
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6692
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-11858 // VULHUB: VHN-114895 // JVNDB: JVNDB-2017-004816 // CNNVD: CNNVD-201706-442 // NVD: CVE-2017-6692

PROBLEMTYPE DATA

problemtype:CWE-1188

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-114895 // JVNDB: JVNDB-2017-004816 // NVD: CVE-2017-6692

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-442

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201706-442

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-004816

PATCH
title:cisco-sa-20170607-usf6url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf6
Trust: 0.8
title:CiscoUltraServicesFrameworkElementManager default password vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/96708
Trust: 0.6
title:Cisco Ultra Services Framework Element Manager Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70887
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-11858 // 
            
            
            
            JVNDB: JVNDB-2017-004816 // 
            
            
            
            CNNVD: CNNVD-201706-442

EXTERNAL IDS
db:NVDid:CVE-2017-6692
Trust: 3.4
db:BIDid:98980
Trust: 2.6
db:JVNDBid:JVNDB-2017-004816
Trust: 0.8
db:CNNVDid:CNNVD-201706-442
Trust: 0.7
db:CNVDid:CNVD-2017-11858
Trust: 0.6
db:VULHUBid:VHN-114895
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-11858 // 
            
            
            
            VULHUB: VHN-114895 // 
            
            
            
            BID: 98980 // 
            
            
            
            JVNDB: JVNDB-2017-004816 // 
            
            
            
            CNNVD: CNNVD-201706-442 // 
            
            
            
            NVD: CVE-2017-6692

REFERENCES
url:http://www.securityfocus.com/bid/98980
Trust: 2.3
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-usf6
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6692
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6692
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-11858 // 
            
            
            
            VULHUB: VHN-114895 // 
            
            
            
            BID: 98980 // 
            
            
            
            JVNDB: JVNDB-2017-004816 // 
            
            
            
            CNNVD: CNNVD-201706-442 // 
            
            
            
            NVD: CVE-2017-6692

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 98980 // 
            
            
            
            CNNVD: CNNVD-201706-442

SOURCES
db:CNVDid:CNVD-2017-11858
db:VULHUBid:VHN-114895
db:BIDid:98980
db:JVNDBid:JVNDB-2017-004816
db:CNNVDid:CNNVD-201706-442
db:NVDid:CVE-2017-6692

LAST UPDATE DATE
2025-04-20T23:36:50.120000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-11858date:2017-06-28T00:00:00
db:VULHUBid:VHN-114895date:2019-10-03T00:00:00
db:BIDid:98980date:2017-06-07T00:00:00
db:JVNDBid:JVNDB-2017-004816date:2017-07-07T00:00:00
db:CNNVDid:CNNVD-201706-442date:2019-10-23T00:00:00
db:NVDid:CVE-2017-6692date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-11858date:2017-06-28T00:00:00
db:VULHUBid:VHN-114895date:2017-06-13T00:00:00
db:BIDid:98980date:2017-06-07T00:00:00
db:JVNDBid:JVNDB-2017-004816date:2017-07-07T00:00:00
db:CNNVDid:CNNVD-201706-442date:2017-06-14T00:00:00
db:NVDid:CVE-2017-6692date:2017-06-13T06:29:01.597