cbcvebase.
CVE-2017-6709
published 2017-07-06

CVE-2017-6709: A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials…

PriorityP261critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
1.29%
66.7th percentile
A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability exists because the affected software logs administrative credentials in clear text for Cisco ESC and Cisco OpenStack deployment purposes. An attacker could exploit this vulnerability by accessing the AutoVNF URL for the location where the log files are stored and subsequently accessing the administrative credentials that are stored in clear text in those log files. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76659.

Affected

2 ranges
VendorProductVersion rangeFixed in
ciscoultra_services_framework<= 5.0.2
ciscoultra_services_framework_autovnf_log_file_user_credential

Detection & IOCsextracted from sources · hover to see the quote

  • Monitor for unauthenticated HTTP access to the AutoVNF URL path where log files are stored, as attackers exploit this to retrieve clear-text administrative credentials
  • Inspect AutoVNF log files for the presence of clear-text administrative credentials belonging to Cisco ESC and Cisco OpenStack deployments, which indicates either exploitation or vulnerable configuration
  • Flag any unauthenticated remote access attempts to AutoVNF log file URLs on Cisco Ultra Services Framework systems running releases prior to 5.0.3 and 5.1
  • ·No workarounds are available for this vulnerability; the only remediation is upgrading to Cisco Ultra Services Framework Release 5.0.3 or 5.1 and later
  • ·Administrative credentials for both Cisco ESC and Cisco OpenStack are exposed in clear text in AutoVNF log files, meaning a successful exploit grants access to credentials usable for further lateral movement

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_cisco7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.