CVE-2017-6684 - A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker

CVE-2017-6684

Summary

A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76651. Known Affected Releases: 21.0.0.

References

http://www.securityfocus.com/bid/98979
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc3

Vulnerable Configurations

cpe:2.3:a:cisco:elastic_services_controller:21.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:elastic_services_controller:21.0.0:*:*:*:*:*:*:*

CVSS

Base:	9.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

CWE-1188

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:S/C:C/I:C/A:C

refmap via4

bid	98979
confirm	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc3

Last major update

03-10-2019 - 00:03

Published

13-06-2017 - 06:29

Last modified

03-10-2019 - 00:03