ID

VAR-201707-0923


CVE

CVE-2017-6713


TITLE

Vulnerability in the Play Framework of Cisco Elastic Services Controller that allows full access to affected systems

Trust: 0.8

sources: JVNDB: JVNDB-2017-005278

DESCRIPTION

A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627. An attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks.

Trust: 2.07

sources: NVD: CVE-2017-6713 // JVNDB: JVNDB-2017-005278 // BID: 99437 // VULHUB: VHN-114916 // VULMON: CVE-2017-6713

AFFECTED PRODUCTS

vendor: cisco // model: elastic services controller // scope: eq // version: 2.0

Trust: 1.6

vendor: cisco // model: elastic services controller // scope: eq // version: 2.3.0

Trust: 1.6

vendor: cisco // model: elastic services controller // scope: eq // version: 1.0.0

Trust: 1.6

vendor: cisco // model: elastic services controller // scope: eq // version: 1.1.0

Trust: 1.6

vendor: cisco // model: elastic services controller // scope: eq // version: 2.1.0

Trust: 1.6

vendor: cisco // model: elastic services controller // scope: eq // version: 2.2.0

Trust: 1.6

vendor: cisco // model: elastic services controller // scope: - // version: -

Trust: 0.8

vendor: cisco // model: elastic services controller // scope: eq // version: 2.3.1

Trust: 0.3

vendor: cisco // model: elastic services controller // scope: eq // version: 2.2(9.76)

Trust: 0.3

vendor: cisco // model: elastic services controller // scope: ne // version: 2.3.2

Trust: 0.3

vendor: cisco // model: elastic services controller // scope: ne // version: 2.3.1.434

Trust: 0.3

sources: BID: 99437 // JVNDB: JVNDB-2017-005278 // CNNVD: CNNVD-201707-151 // NVD: CVE-2017-6713

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-6713
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-6713
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201707-151
value: CRITICAL

Trust: 0.6

VULHUB: VHN-114916
value: HIGH

Trust: 0.1

VULMON: CVE-2017-6713
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-6713
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-114916
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-6713
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114916 // VULMON: CVE-2017-6713 // JVNDB: JVNDB-2017-005278 // CNNVD: CNNVD-201707-151 // NVD: CVE-2017-6713

PROBLEMTYPE DATA

problemtype: CWE-264

Trust: 1.9

problemtype: CWE-770

Trust: 1.1

sources: VULHUB: VHN-114916 // JVNDB: JVNDB-2017-005278 // NVD: CVE-2017-6713

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-151

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201707-151

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005278

PATCH

title: cisco-sa-20170705-esc2 // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2

Trust: 0.8

title: Cisco Elastic Services Controller Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71447

Trust: 0.6

title: Cisco: Cisco Elastic Services Controller Unauthorized Access Vulnerability // url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20170705-esc2

Trust: 0.1

sources: VULMON: CVE-2017-6713 // JVNDB: JVNDB-2017-005278 // CNNVD: CNNVD-201707-151

EXTERNAL IDS

db: NVD // id: CVE-2017-6713

Trust: 2.9

db: BID // id: 99437

Trust: 2.1

db: JVNDB // id: JVNDB-2017-005278

Trust: 0.8

db: CNNVD // id: CNNVD-201707-151

Trust: 0.7

db: VULHUB // id: VHN-114916

Trust: 0.1

db: VULMON // id: CVE-2017-6713

Trust: 0.1

sources: VULHUB: VHN-114916 // VULMON: CVE-2017-6713 // BID: 99437 // JVNDB: JVNDB-2017-005278 // CNNVD: CNNVD-201707-151 // NVD: CVE-2017-6713

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170705-esc2

Trust: 2.2

url: http://www.securityfocus.com/bid/99437

Trust: 1.9

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6713

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-6713

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

url: https://cwe.mitre.org/data/definitions/770.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-114916 // VULMON: CVE-2017-6713 // BID: 99437 // JVNDB: JVNDB-2017-005278 // CNNVD: CNNVD-201707-151 // NVD: CVE-2017-6713

CREDITS

Cisco

Trust: 0.3

sources: BID: 99437

SOURCES

db: VULHUB // id: VHN-114916
db: VULMON // id: CVE-2017-6713
db: BID // id: 99437
db: JVNDB // id: JVNDB-2017-005278
db: CNNVD // id: CNNVD-201707-151
db: NVD // id: CVE-2017-6713

LAST UPDATE DATE

2025-04-20T23:32:52.472000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-114916 // date: 2019-10-09T00:00:00
db: VULMON // id: CVE-2017-6713 // date: 2019-10-09T00:00:00
db: BID // id: 99437 // date: 2017-07-05T00:00:00
db: JVNDB // id: JVNDB-2017-005278 // date: 2017-07-25T00:00:00
db: CNNVD // id: CNNVD-201707-151 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2017-6713 // date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB // id: VHN-114916 // date: 2017-07-06T00:00:00
db: VULMON // id: CVE-2017-6713 // date: 2017-07-06T00:00:00
db: BID // id: 99437 // date: 2017-07-05T00:00:00
db: JVNDB // id: JVNDB-2017-005278 // date: 2017-07-25T00:00:00
db: CNNVD // id: CNNVD-201707-151 // date: 2017-07-06T00:00:00
db: NVD // id: CVE-2017-6713 // date: 2017-07-06T00:29:00.520