ID

VAR-201707-0920


CVE

CVE-2017-6709


TITLE

Vulnerability in the AutoVNF tool for Cisco Ultra Services Framework that allows access to administrator credentials

Trust: 0.8

sources: JVNDB: JVNDB-2017-005319

DESCRIPTION

A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability exists because the affected software logs administrative credentials in clear text for Cisco ESC and Cisco OpenStack deployment purposes. An attacker could exploit this vulnerability by accessing the AutoVNF URL for the location where the log files are stored and subsequently accessing the administrative credentials that are stored in clear text in those log files. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76659. The AutoVNF tool is one of the virtualization network tools.

Trust: 1.71

sources: NVD: CVE-2017-6709 // JVNDB: JVNDB-2017-005319 // VULHUB: VHN-114912

AFFECTED PRODUCTS

vendor: cisco, model: ultra services framework, scope: lte, version: 5.0.2

Trust: 1.0

vendor: cisco, model: ultra services framework, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ultra services framework, scope: eq, version: 5.0.2

Trust: 0.6

sources: JVNDB: JVNDB-2017-005319 // CNNVD: CNNVD-201707-154 // NVD: CVE-2017-6709

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-6709
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-6709
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201707-154
value: CRITICAL

Trust: 0.6

VULHUB: VHN-114912
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-6709
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114912
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-6709
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114912 // JVNDB: JVNDB-2017-005319 // CNNVD: CNNVD-201707-154 // NVD: CVE-2017-6709

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

problemtype: CWE-522

Trust: 1.1

problemtype: CWE-532

Trust: 1.1

sources: VULHUB: VHN-114912 // JVNDB: JVNDB-2017-005319 // NVD: CVE-2017-6709

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-154

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-201707-154

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005319

PATCH

title: cisco-sa-20170705-usf2
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf2

Trust: 0.8

title: Cisco Ultra Services Framework AutoVNF Tool information disclosure vulnerability fixes
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71509

Trust: 0.6

sources: JVNDB: JVNDB-2017-005319 // CNNVD: CNNVD-201707-154

EXTERNAL IDS

db: NVD, id: CVE-2017-6709

Trust: 2.5

db: JVNDB, id: JVNDB-2017-005319

Trust: 0.8

db: CNNVD, id: CNNVD-201707-154

Trust: 0.7

db: VULHUB, id: VHN-114912

Trust: 0.1

sources: VULHUB: VHN-114912 // JVNDB: JVNDB-2017-005319 // CNNVD: CNNVD-201707-154 // NVD: CVE-2017-6709

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170705-usf2

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6709

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-6709

Trust: 0.8

sources: VULHUB: VHN-114912 // JVNDB: JVNDB-2017-005319 // CNNVD: CNNVD-201707-154 // NVD: CVE-2017-6709

SOURCES

db: VULHUB, id: VHN-114912
db: JVNDB, id: JVNDB-2017-005319
db: CNNVD, id: CNNVD-201707-154
db: NVD, id: CVE-2017-6709

LAST UPDATE DATE

2025-04-20T23:29:36.294000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114912, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2017-005319, date: 2017-07-26T00:00:00
db: CNNVD, id: CNNVD-201707-154, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-6709, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114912, date: 2017-07-06T00:00:00
db: JVNDB, id: JVNDB-2017-005319, date: 2017-07-26T00:00:00
db: CNNVD, id: CNNVD-201707-154, date: 2017-07-11T00:00:00
db: NVD, id: CVE-2017-6709, date: 2017-07-06T00:29:00.427