CVE-2017-6689

CWE-1188 CWE-2554 documents4 sources

Severity

8.8HIGH

EPSS

0.8%

top 26.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Elastic Services Controller

Timeline

PublishedJun 13

Latest updateMay 13

Description

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default Administrator Credentials Vulnerability. More Information: CSCvc76661. Known Affected Releases: 2.2(9.76).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5cisco_elastic_services_controllerCisco Elastic Services Controller

▶NVDcisco/elastic_services_controller2.2\(9.76\)

🔴Vulnerability Details

GHSA

GHSA-g6w4-9j8g-23j4: A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system a↗2022-05-13

▶

CVEList

CVE-2017-6689: A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system a↗2017-06-13

▶

📋Vendor Advisories

Cisco

Cisco Elastic Services Controller Insecure Default Administrator Credentials Vulnerability↗2017-06-07

▶