CVE-2017-12350Hard-coded Credentials in Cisco Umbrella Insights Virtual Appliance

CWE-798Hard-coded Credentials4 documents4 sources
Severity
8.2HIGHNVD
EPSS
0.0%
top 84.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Umbrella Insights Virtual ApplianceCisco Umbrella Insights Virtual Appliance
Timeline
PublishedNov 16
Latest updateMay 13

Description

A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. An attacker could exploit this vulnerability by using the hypervisor console to connect locally to an affected system and then using the static credentials to log in to an affected virtual appliance

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages2 packages

CVEListV5cisco/cisco_umbrella_insights_virtual_applianceCisco Umbrella Insights Virtual Appliance

🔴Vulnerability Details

2
GHSA
GHSA-7rmw-3crx-fwcm: A vulnerability in Cisco Umbrella Insights Virtual Appliances 22022-05-13
CVEList
CVE-2017-12350: A vulnerability in Cisco Umbrella Insights Virtual Appliances 22017-11-16

📋Vendor Advisories

1
Cisco
Cisco Umbrella Insights Virtual Appliance Static Credentials Vulnerability2017-11-15
CVE-2017-12350 — Hard-coded Credentials in Cisco | cvebase