ID

VAR-201707-0921


CVE

CVE-2017-6711


TITLE

Unauthenticated access vulnerability in the Ultra Automation Service of Cisco Ultra Services Framework

Trust: 0.8

sources: JVNDB: JVNDB-2017-005276

DESCRIPTION

A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. The vulnerability is due to an insecure default configuration of the Apache ZooKeeper service used by the affected software. An attacker could exploit this vulnerability by accessing the affected device through the orchestrator network. An exploit could allow the attacker to gain access to ZooKeeper data nodes (znodes) and influence the behavior of the system's high-availability feature. This vulnerability affects all releases of Cisco Ultra Services Framework UAS prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvd29395. This may aid in further attacks. Ultra Automation Service is one of the automation services

Trust: 1.98

sources: NVD: CVE-2017-6711 // JVNDB: JVNDB-2017-005276 // BID: 99440 // VULHUB: VHN-114914

AFFECTED PRODUCTS

vendor: cisco // model: ultra services framework // scope: lte // version: 5.0.2

Trust: 1.0

vendor: cisco // model: ultra services framework // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ultra services framework // scope: eq // version: 5.0.2

Trust: 0.6

vendor: cisco // model: ultra services framework // scope: ne // version: 5.0.3

Trust: 0.3

vendor: cisco // model: ultra services framework // scope: ne // version: 5.1

Trust: 0.3

sources: BID: 99440 // JVNDB: JVNDB-2017-005276 // CNNVD: CNNVD-201707-153 // NVD: CVE-2017-6711

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6711
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-6711
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201707-153
value: CRITICAL

Trust: 0.6

VULHUB: VHN-114914
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6711
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114914
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6711
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114914 // JVNDB: JVNDB-2017-005276 // CNNVD: CNNVD-201707-153 // NVD: CVE-2017-6711

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-114914 // JVNDB: JVNDB-2017-005276 // NVD: CVE-2017-6711

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-153

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201707-153

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005276

PATCH

title: cisco-sa-20170705-uas // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-uas

Trust: 0.8

title: Cisco Ultra Services Framework Remediation measures for authorization problem vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71508

Trust: 0.6

sources: JVNDB: JVNDB-2017-005276 // CNNVD: CNNVD-201707-153

EXTERNAL IDS

db: NVD // id: CVE-2017-6711

Trust: 2.8

db: BID // id: 99440

Trust: 2.0

db: JVNDB // id: JVNDB-2017-005276

Trust: 0.8

db: CNNVD // id: CNNVD-201707-153

Trust: 0.7

db: VULHUB // id: VHN-114914

Trust: 0.1

sources: VULHUB: VHN-114914 // BID: 99440 // JVNDB: JVNDB-2017-005276 // CNNVD: CNNVD-201707-153 // NVD: CVE-2017-6711

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170705-uas

Trust: 2.0

url:http://www.securityfocus.com/bid/99440

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6711

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6711

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114914 // BID: 99440 // JVNDB: JVNDB-2017-005276 // CNNVD: CNNVD-201707-153 // NVD: CVE-2017-6711

CREDITS

Cisco

Trust: 0.3

sources: BID: 99440

SOURCES

db: VULHUB // id: VHN-114914
db: BID // id: 99440
db: JVNDB // id: JVNDB-2017-005276
db: CNNVD // id: CNNVD-201707-153
db: NVD // id: CVE-2017-6711

LAST UPDATE DATE

2025-04-20T23:04:45.481000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-114914 // date: 2019-10-09T00:00:00
db: BID // id: 99440 // date: 2017-07-05T00:00:00
db: JVNDB // id: JVNDB-2017-005276 // date: 2017-07-25T00:00:00
db: CNNVD // id: CNNVD-201707-153 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2017-6711 // date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB // id: VHN-114914 // date: 2017-07-06T00:00:00
db: BID // id: 99440 // date: 2017-07-05T00:00:00
db: JVNDB // id: JVNDB-2017-005276 // date: 2017-07-25T00:00:00
db: CNNVD // id: CNNVD-201707-153 // date: 2017-07-11T00:00:00
db: NVD // id: CVE-2017-6711 // date: 2017-07-06T00:29:00.457