CVE-2017-12350
published 2017-11-16

Priority: P338, high, 8.2 (CVSS 3.0)
Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.35% (26.8th percentile)

A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. An attacker could exploit this vulnerability by using the hypervisor console to connect locally to an affected system and then using the static credentials to log in to an affected virtual appliance. A successful exploit could allow the attacker to log in to the affected appliance with root privileges. Cisco Bug IDs: CSCvg31220.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | umbrella_insights_virtual_appliance_static_credentials | | |
| cisco | umbrella_virtual_appliance | <= 2.1.0 | |

CVSS provenance

nvd, v3.0: 8.2 HIGH, CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
nvd, v2.0: 7.2 HIGH, AV:L/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco: 6.7 MEDIUM